Online Identities, Passwords, and Passkeys, Oh My (Premium)

I've been using a Google Workspace account as my primary online identity since before we launched Thurrott.com, and for the most part, I don't have any major complaints. But there has long been one major downside to this account type, and to consumer-focused Gmail accounts, compared to my other major online identity, my 22-year-old Microsoft account (MSA): it requires me to actually type in my password every time I need to sign in for the first time on a new PC or device. And then occasionally thereafter, though those instances are handled by my password manager.

Microsoft does not require this. Indeed, it hasn't required this since 2017, when it updated its excellent Microsoft Authenticator app to support passwordless sign-ins to Microsoft accounts that are protected by two-step authentication (2FA). (And in 2018, it added a similar capability for those who wish to protect their account further using a physical security key like a YubiKey.)

But Microsoft took the passwordless movement to its logical conclusion in 2021 when it began allowing MSA users to completely remove the password from their accounts. I still haven't enabled (disabled?) this feature on my primary Microsoft account, but I have on others, like those I use for my books.

Related to this, Microsoft has also been updating Authenticator to meet related needs. In December 2020, for example, it added password manager and autofill capabilities so that you can use it as the default for app and web accounts and password autofill on Android and iPhone.

Google has moved much more slowly to make similar improvements for its business (Workspace) and consumer (Gmail) customers. But a little over one year ago, it announced that it would join Apple and Microsoft in supporting the passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. And as I noted at the time, user authentication is, as Microsoft would say, a hard computer science problem. It is perhaps ironic, then, that Microsoft got it right first. I've been waiting on Google ever since.

So what am I waiting for? Easy: account authentication that is both seamless and secure.

What this means in real-world terms is that signing into my Microsoft account---whether I'm setting up a new PC for the first time, signing in to OneDrive or Outlook.com online, or whatever---is easy: I just type in my email address and I get a prompt on my phone that I can authenticate with my fingerprint (on my Google Pixel) or via facial recognition (via Face ID on my iPhone). Then I'm signed in on the PC or device with no need to ever type a password. Subsequent sign-ins are just as easy and use the same process.

With Google, however, I've had to type in my password too. This happens when I set up an Android phone or Chromebook, when I sign in to a Google app or service, and so on. And it happens every single time. As a result, I've had to ensure that my Google account passwor...


Thurrott © 2024 Thurrott LLC