On this World Password Day, we should all pause and think about how we can adopt passkeys. Passkeys represent a significant industry shift in identity security, moving away from traditional credentials of usernames and passwords to a more secure “no knowledge” approach to authentication that is a vastly better user experience. As a form of passwordless authentication, passkeys aim to eliminate the inherent risk factors of traditional credentials.
Why not go further than “thinking and reading about passkeys?” Try passkeys! Here are the steps to set up a passkey in the Google Chrome browser on a Windows 11 laptop that is already enabled with Windows Hello Face Recognition:
Log on to your Google Account at myaccount.google.com using Chrome browser.
- On the left side of the window, click on Security.
- Under the “How you sign in to Google” section, click on Passkeys.
- Click the “Create a Passkey” button.
- Follow the prompts to verify your identity and “Save your Passkey”.
- Set the option to skip passwords when possible, in your security settings.
- Test your passkey by signing out and signing in again.
Passkeys can be created on these devices:
- A computer that runs Windows 10 or 11, macOS Ventura+, or ChromeOS 120
- A mobile device that runs at least iOS 16 or Android 9
- A modern browser such as Chrome v123.0 or Edge v123.0
- A hardware security key that supports the FIDO2 protocol (optional)
And remember, any use of biometrics and biometric data for fingerprint or face unlock remains on your device and is never shared with Google (in this example) or any website that accepts passkey.
In the spirit of World Password Day, now let’s delve into better password hygiene and password management practices. First, it’s time to do away with weak and reused passwords. Use complex passwords with>16 random characters or passphrases unique for every login. Since that can be onerous, using a password manager is optimal. Password managers can auto-generate and securely vault complex passwords. Plus, with a password manager, there is only one password you’ll have to remember: the one for your vault.
Passwords alone are woefully insufficient; you should always use multi-factor authentication (MFA). By combining multiple factors of authentication, you verify that the use of your credentials is really YOU. MFA is still considered a significant (albeit not a complete) deterrent for hackers attempting account takeover.
