After sharing Chromebook security tips yesterday, I have a timely follow-up today. Passkeys on Chromebooks are coming and this solution will greatly reduce, if not get rid of, having to type passwords. It’s not specific to ChromeOS or Chromebooks, but I thought to share information in this context.
What are Passkeys?
As I understand it, Passkeys are digitally encrypted credentials tied to an app or web account. There’s a hint of two-factor authentication (2FA) as you can use a second device for authentication, although it’s not required. Passkeys for Chromebooks, for example, can be stored in the Google Password Manager. When prompted to sign in to a web app on your Chromebook then, you can use your Google password, your Chromebook PIN, or even biometrics to authenticate the Passkey.
The latter action makes me happy because I’ve said for a while that fingerprint sensors on Chromebooks need to do more. They should support Passkeys for Chromebooks.
With Passkeys, you don’t need to know a password. Instead, credentials are stored in some central location or on a device along with the public and private encryption keys. When you log in with a Passkey, both the requesting service and you have the public encryption keys for authorization. But only you have the private keys for the credentials. Passkey solutions verify that you do have the private keys, by having your device sign a one-time challenge from the service that the service then checks with the public key, and if so, authorize your session.
Here’s how Google describes Passkeys, in a developer post from last month:
“A passkey is a digital credential, tied to a user account and a website or application. Passkeys allow users to authenticate without having to enter a username, password, or provide any additional authentication factor. This technology aims to replace legacy authentication mechanisms such as passwords.
“When a user wants to sign in to a service that uses passkeys, their browser or operating system will help them select and use the right passkey. The experience is similar to how saved passwords work today. To make sure only the rightful owner can use a passkey, the system will ask them to unlock their device. This may be performed with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern.”
How Passkeys on Chromebooks will work
Instead of traditional passwords then, Passkeys are like approved authentication tokens. Like passwords, you’ll have to set up a Passkey for each app or service you use. But there’s no “choosing” a combination of alphanumeric and special characters. No password length requirement. And no need to remember a password. So there’s no need to type any passwords, either.
This video demonstration illustrates the use of an Android phone using Passkeys for secure application and website authentication:
For most people, Passkeys on Chromebooks will likely be stored in the Google Password Manager. When prompted for a Passkey on your Chromebook, this native solution should prompt you to “use” the stored Passkey. Or, to be a little more cautious, you can use a supported phone to approve the request. But I think many will appreciate the convenience factor of the built-in support for Passkeys in the Chrome browser.
If you’re like me and use a third-party password manager with a Chromebook, you’re in luck. This is an industry-wide movement so it’s being adopted by several password manager services. In my case, that’s 1Password, which created a Passkey demo you can try out here.
And the company explains more about Passkeys in this video:
When will Passkeys on Chromebooks arrive?
Google last month introduced Passkey support for both Android and Chrome. By extension, that means Passkeys on Chromebooks are already here; at least for sites and services that support them. Developers have to implement Passkeys using the WebAuthn API to add support.
In fact, you may have seen this web authentication dialog box when signing in to a website on your Chromebook. Here it is to the right. This is Google’s implementation for the user experience. Not shown is a QR code to set up a Passkey from your supported phone.
So in a sense, Passkeys on Chromebooks are already here. It’s just a matter of time for web services and apps to add support. I, for one, can’t wait until they all do. Heck, I might even buy a Chromebook with a fingerprint sensor just to celebrate that day!
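The public/private key check described under "What are Passkeys?" and the WebAuthn sign-in that developers implement, sketched as an added example for Node.js (not code from Google, 1Password or this post). The authenticator is simulated in software, and the function names, the example.com relying party and the P-256 key type are assumptions made for the demo.

```javascript
// Added example: simulated passkey sign-in (WebAuthn assertion) and the service-side checks.
const crypto = require("node:crypto");

const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Constructed values: example.com is a placeholder relying party, not a real deployment.
const RP_ID = "example.com";
const ORIGIN = "https://example.com";

// Registration (hypothetical helper): the device keeps privateKey, the service stores publicKey.
function registerPasskey() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
}

// Device side, simulated: sign authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, challenge, origin, flags = 0x05) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // authenticatorData = rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
  const authenticatorData = Buffer.concat(
    [sha256(RP_ID), Buffer.from([flags]), Buffer.alloc(4)]);
  const signature = crypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Service side: every check must pass before a session is authorized.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  // A fresh random challenge per sign-in stops a captured response from being replayed.
  if (client.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  // The browser records the real origin, so a look-alike site cannot reuse the passkey.
  if (client.origin !== ORIGIN) return "origin mismatch";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "rpId mismatch";
  // Flag bit 0x01 = user present (0x04 = user verified by PIN or biometrics).
  if ((a.authenticatorData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}
```

In a browser the device side is triggered by navigator.credentials.get(); a production service would also track the signature counter and rely on a maintained WebAuthn library rather than hand-written checks.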
Updated on Dec. 9, 2022: Google has today announced support for Passkeys in Chrome 108, which is generally available on all platforms.
Updated on July 13, 2023: All Google accounts now support passkeys and can be set up at this Google link.