The Weekly Breach Breakdown Podcast by ITRC - Passwordless by Default - S4E30

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for October 20, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we give you the latest news on passkeys, particularly Google passkeys, a topic that has been discussed for years by the ITRC and on our podcasts.

Google Passkeys Become Default Login Option for Personal Accounts

In May, we told you about Google’s efforts to begin the rollout of passkeys. Last week, Google took it one step further and announced that it would make passkeys the default login method for its personal accounts. The Google passkeys news has led to many questions. Let’s break it down.

How it Works

 When users sign in to their personal accounts, instead of using a username and password, they will see a prompt to create and use a passkey (typically a face scan, fingerprint or PIN), as well as the “Skip password when possible” option turned on in their account settings. However, Google will allow users to opt out of using them by turning off the skip password setting.

What it Means

In a company blog, Google Senior Product Manager Sriram Karra and Group Product Manager Christiaan Brand wrote that passkeys are 40 percent faster to use than passwords and rely on a type of cryptography that makes them more secure. Karra and Brand say passkeys will help spare people the headache of remembering all those numbers and special characters in passwords and add that passkeys are phishing-resistant. Karra and Brand conclude by saying Google’s goal is to encourage the pivot to Google passkeys — making passwords a rarity and eventually obsolete.

In a recent TechNewsWorld article, many cybersecurity experts say this news is a big deal and a big step towards moving people away from passwords. One of those experts was ITRC Chief Operating Officer and a regular host of this podcast, James E. Lee. Lee says that the infrastructure for users is largely in place now that Apple, Google and Microsoft have launched operating systems that accommodate passkeys. He adds that the next step is for website owners to adapt their infrastructures to receive passkeys for adoption to accelerate internal and external use.

Momentum on this initiative began last year when Google, Apple, Microsoft and ITRC partner the FIDO Alliance announced they would start work supporting passkeys on their platforms. The FIDO Alliance, an industry group made up of tech’s biggest companies, has spent years working on this project, one of the largest implementations of password-free technology that’s been seen.

What is Next

While the Google passkeys news is a big step, experts say the rollout will take time. However, Google says since launching passkeys earlier this year, users have used the function on YouTube, Search and Maps. They say they are encouraged by the results. While it is yet to be seen how this step in the adoption of passkeys goes, one thing is clear: the end of passwords is near.

Contact the ITRC

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will have an episode of our sister podcast, The Fraudian Slip, breaking down the findings in our 2023 Business Impact Report, which will be released on October 24. The report looks at the impacts of identity crimes and cyberattacks on small businesses and solopreneurs. There may be some eye-opening statistics. You will be able to download the report by visiting www.idtheftcenter.org/publications. We will return in two weeks with another episode of the Weekly Breach Breakdown.