Link: Over 400 million Google accounts have used passkeys, but our passwordless future remains elusive

“Passwords have had a good run, we’ve had them for the last 70 years already. We’ve been able to work out most of the kinks with passwords, but they still suck, right?” Christiaan Brand, product manager for identity and security at Google, told The Verge. “The transition path is not always easy, and you will have a whole bunch of very vocal users who used to do things in a very specific way now all telling you that the new thing you’re doing is wrong.”

All of this suggests that the dream of creating a passwordless future will need to coexist alongside more recognized sign-in methods for the foreseeable future. “I think as an industry we need to learn a little bit. We’re trying to work through this and sometimes we make mistakes too,” said Brand. “So we’re making some slight tweaks to certain things we’ve done, but ideally, we need to go out there and show these early adopter services a pathway for doing a conversion that would make sense.”

Brand says that over time, adding friction to the process of using potentially insecure passwords could promote passkeys as the preferred login. “If you use your password to get into your Google account, that also means you couldn’t use your passkey, so either it’s a legitimate user that lost their device, or it’s a bad guy.” Brand gave an example in which users who sign in using a password instead of their passkey may be asked to wait 24 hours to gain access while Google conducts security checks to ensure the account hasn’t been compromised.

--

Yoooo, this is a quick note on a link that made me go, WTF?