Google uses passkey as the default login method

This is the latest move since Google announced support for the passwordless standard for accounts across platforms. Passkey is a FIDO Alliance-backed solution that provides a more secure way to log in to apps and websites without the need for a traditional password. This can be achieved by simply unlocking the user's computer or mobile device using biometric technology (fingerprint or facial recognition) or a PIN.

Google says the next time users sign in to their account, they'll start seeing prompts to create and use a passkey, making future sign-ins easier. It also means they'll see the 'bypass password' option enabled in their Google Account settings.

Passkey is a login mechanism that leverages public-key cryptography to authenticate user access to websites and applications, with the private key stored securely on the device and the public key stored on the server.

Each passkey is unique and linked to a specific username and service, meaning a user will have at least as many passwords as accounts. However, they will have multiple passkeys per account because it only works within the same platform. This means a user can have a passkey for each website for Android, iOS, macOS, and Windows.

When logging into a website or app that supports passkey, a random code is generated and sent to the user, requiring biometric or PIN verification to be signed and sent back to the server.

The benefit of passkey is that it not only reduces the hassle of remembering passwords but also has anti-phishing capabilities, thereby protecting users from common account hijacking attacks today.