Understand passkeys in 4 minutes

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Passwords have been around for a long time but they're a pain for your users and a liability for you as a developer. Strong passwords are difficult to remember so many people don't bother creating strong passwords or they reuse the same password for everything. Password managers help here. Google Password Manager, for example, generates a strong password autofills it to the right domains and apps and synchronizes it across devices. But the reality is, not all users rely on password managers. On top of that, passwords are just not very secure. Two-factor authentication does improve security but it adds extra steps for users and costs you money. But it doesn't have to be like that. You can start the journey away from passwords and make your users digital lives easier and more secure with passkeys. Passkeys are a simple and secure cross-device authentication technology that enables creating online accounts and signing in to them without entering a password. On sites and apps that implement passkeys the browser or operating system shows users the prompt to create a passkey. Users only need to use the screen lock on their device such as touching the fingerprint sensor to continue. There is no need to type or remember anything. Then to log in to an account users are simply shown a prompt to unlock their device. Sites that have implemented passkeys are seeing a number of benefits, such as higher login success rates reduced drop off rates, increased conversion rates and reduced costs of separate two-factor authentication solutions. Signing in with passkeys provides strong protection against phishing and data breaches two of the biggest security threats that passwords fail to prevent. Passkeys work with public key cryptography. A passkey is a private key stored securely on the device. It's created when using the screen lock functionality fingerprint, facial recognition, PIN, or pattern. The matching public key is stored on the server. Because no secret is stored on the server passkeys are not vulnerable to server breaches like passwords are. Each passkey can only be used for the same service it's created on so users can't be tricked into using their passkey to sign in to a sketchy app or website. Since logging in to a site or an app is done by using the screen lock a passkey replaces a password and a second factor in a single step. Passkeys already work on most browsers and operating systems. When a user creates a passkey for a website on their phone the phone's credential provider can back it up and synchronize to other devices. For example, if a user sets up a new Android device with the same Google Account Google Password Manager will have all their passkeys ready to use. Passkeys can also be used on devices they are not synchronized to through the hybrid protocol. For example, a user can use a passkey on their Android phone to log in to a website on their friend's macOS computer by scanning a passkey QR code. To prevent remote attacks the two devices will connect to each other locally ensuring that they are physically close. We are well on the way to a passwordless future. By implementing passkeys today you get better security, a better user experience and happier users. For more details on passkeys and how to implement them check out our documentation.
Info
Channel: Chrome for Developers
Views: 251,366
Rating: undefined out of 5
Keywords: Chrome, Developers, Google, Web, Passkey, passkeys, webauthn, fido, password, passwords, authentication, passwordless, passwordless authentication, web authentication, mobile authentication, cryptography, security, password manager, web dev, google chrome developers, chrome developer, chrome developers, google chrome, chrome, google, google developers, android
Id: 2xdV-xut7EQ
Channel Id: undefined
Length: 3min 48sec (228 seconds)
Published: Fri Jun 23 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.