Passwords are essential for protecting online accounts from compromise, misuse, or deletion. However, remembering and entering them each time you log in can be quite a hassle.
To streamline this process, Google has introduced a passwordless method using passkeys for Chrome logins. Users can now sign in with a 6-digit PIN, facial recognition, or a fingerprint, making the experience faster and more convenient than traditional passwords.
Additionally, passkeys are easy to back up and can be synchronized across multiple Android devices, significantly reducing the risk of account compromise. This initiative follows a trend initiated by Apple to enhance security on iOS devices, with Google and Meta also moving towards a passwordless future.
However, security researchers at Mandiant have identified a malware called StealC that is coercing Google users into revealing their credentials, only to lock them out of their accounts afterward.
Cybersecurity experts from OALABS have reported similar findings, noting that StealC employs an “AutoIT Credential Flusher” to pressure victims into disclosing their login information.
As a side note, some Google Account users have been utilizing two-factor authentication since 2022. This requires users to access their Google app on their smartphones to retrieve a security code hidden in the ‘Manage Accounts’ section. This measure helps prevent unauthorized logins and alerts users when their accounts are accessed from unfamiliar locations.
Microsoft has also embraced this concept, offering a dedicated authentication app since 2021 to combat fraudulent logins with compromised credentials.
In the coming months, users of Bing, Safari, and Firefox who access Google services will be prompted to use passkeys for a more seamless login experience.