Google warns “passwords are not only painful to maintain, but are also more prone to phishing and often leaked through data breaches.” And that’s the real issue. “It’s important to use tools that automatically secure your account and protect you from scams,” Google tells users, and that means upgrading account security now.
Google says “we want to move beyond passwords altogether, while keeping sign-ins as easy as possible.” That includes social sign ins, but mainly it means passkeys. “Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required.”
This is just one of their excuses, to keep their users inside google’s walled-garden
It’s bad but at least it’s something actually secure, unlike PayPal that dropped passwords in favor of a TOTP sent by SMS.
I can use my yubikey with PayPal. Although it’s only 1 key allowed at a time. Still some progress
I love how companies like PayPal claim to need your phone number “for your security,” and then you find out they do insecure things like this