Use Caution When Considering Google Passkeys

Google isn’t exactly a pillar of privacy protection.  Just to state the obvious.  

So when they entered the passkey market, some experts were left scratching their heads.  Ourselves included.

But the topic is nonetheless interesting and we want to weigh in for your benefit.

Read on to learn more about this new technology and how it compares to current password protection.

How Do Passkeys Work?

Supposedly more immune to cyber attacks, passkeys allow you to sign in to websites and apps.  For convenience, you simply use a local PIN or biometric identifier.

Their end goal is to eliminate the need for countless passwords.

After being created, they are stored on your device.  Whether that’s a desktop computer or mobile phone.

Advertised benefits:

  1. Phishing-resistant for extra security
  2. Removes the need to remember passwords
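
What the "phishing-resistant" claim rests on, as an added example (not from the original article, Google, or the FIDO Alliance): a simplified model of a passkey sign-in in which the device signs the site's challenge together with the origin the browser is actually on. The origin `accounts.example.com`, the function names, and the flattened JSON message are assumptions for illustration; real WebAuthn uses a richer binary format.

```javascript
// Added illustration: simplified model of a passkey sign-in (not the full WebAuthn wire format).
const crypto = require('crypto');

const RP_ORIGIN = 'https://accounts.example.com'; // constructed relying-party origin

// Registration: the device creates a key pair; only the public key goes to the site.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: the browser, not the page, records the origin it is actually on,
// and the private key signs the challenge together with that origin.
function signIn(privateKey, challenge, browserOrigin) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin: browserOrigin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: verify the signature, then the challenge and the origin it covers.
function verifySignIn(publicKey, expectedChallenge, assertion) {
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
  if (!ok) return 'bad-signature';
  const data = JSON.parse(assertion.clientData);
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== expectedChallenge) return 'stale-or-replayed-challenge';
  if (data.origin !== RP_ORIGIN) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const { publicKey, privateKey } = createPasskey();
  const challenge = crypto.randomBytes(32).toString('hex');
  const genuine = signIn(privateKey, challenge, RP_ORIGIN);
  // A look-alike site relays the real challenge, but the browser reports the look-alike origin.
  const relayed = signIn(privateKey, challenge, 'https://accounts.example.com.login.invalid');
  // Rewriting the origin afterwards breaks the signature, which covers the whole message.
  const tampered = { ...relayed, clientData: genuine.clientData };
  const newChallenge = crypto.randomBytes(32).toString('hex');
  return {
    genuine: verifySignIn(publicKey, challenge, genuine),
    relayed: verifySignIn(publicKey, challenge, relayed),
    tampered: verifySignIn(publicKey, challenge, tampered),
    replayed: verifySignIn(publicKey, newChallenge, genuine),
  };
}

console.log(demo());
```

The PIN or biometric only unlocks the private key on the device; in this model the site only ever receives the public key and signatures.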

Password protection apparently isn’t good enough anymore.  Although Google stated that SMS one-time codes are just as secure as their passkeys.

Maybe there’s still hope for “old-fashioned” methods.

One limitation is that this authentication isn’t truly interoperable.  Which basically means if you have multiple Google Accounts, you’ll need multiple passkeys. 

Speaking of this tech giant.

Passkeys FIDO Influence

Back in May 2023, Google followed the standard encouraged by the FIDO Alliance.  And in October, Google made passkeys the default sign-in method for all customers.  

This announcement came a few weeks after Microsoft adopted it for Windows 11. 

Before moving forward, it’s worth listing some FIDO members:

  • Google
  • PayPal
  • Meta
  • Amazon 

With a vested interest in this technology, major corporations are currently the biggest advocates.  We’d like to see reputable cybersecurity professionals weigh in before making a determination of its promise.

Another noteworthy fact.  

Google doesn’t recommend creating passkeys on shared devices.  Thinking critically, we see one issue with its verification.  Specifically biometrics.

If your fingerprint or retinal scan is hacked, passkey security protections can be bypassed.

Next, we’ll look at how it compares to two-factor authentication.

Is Passkey Authentication More Secure Than 2FA?

We’re a major supporter of Two-Factor Authentication (2FA).

Recommended examples:

Google shared that passkeys negate the need for 2FA.  By proving you’re able to unlock a device and gain access. 

The only issue is Google’s poor track record of guarding customer data.  Which is well documented.

Until this new technology finds more trustworthy ambassadors, 2FA and Multi-Factor Authentication (MFA) are still strong options.

To conclude, passkeys may turn into a viable alternative to present choices.  But at this time, traditional cybersecurity wins out.

Cyber Team U.S. Protecting Families and Individuals

Cybersecurity protection is necessary in our digital age.  But it doesn’t need to be expensive or difficult to manage.  

And if it comes with industry-leading security, even better.

We proudly serve our customers as a U.S. cyber team.  

Veteran-owned, our services are performed by various vendors.  Add to that multiple suppliers.  

And the result you get is a decreased risk of compromised passwords! 

We offer a cybersecurity protection plan for freelancers, families, and others seeking a better choice than big-box companies.

Two-factor methods we support include:

  • TOTP
  • Fingerprint
  • Face ID
  • U2F security keys

Take the first step to safeguard your online activity and also that of your loved ones!