Google Launches Passkeys to Replace Passwords for Passwordless Future of Account Authentication and Security

With the announcement that passkeys, a new cryptographic keys solution that requires a pre-authenticated device, are coming to Google accounts on all major platforms, Google is taking the next step toward a passwordless future. Google users can use passkeys to sign in without using passwords or two-step verification codes starting today.

Google, Apple, Microsoft, and other tech companies that are affiliated with the FIDO Alliance promote passkeys as a safer and more convenient alternative to passwords. They can substitute a local PIN or a device’s own biometric authentication, such as a fingerprint or Face ID, for conventional passwords and other sign-in systems like 2FA or SMS verification. Passkeys only exist on your devices, and this biometric data is not shared with Google or any other third party. This provides greater security and protection because there is no password that could be stolen in a phishing attack.

When you add a passkey to a Google account, the platform will start asking you for it when you sign in or when it notices activity that might be suspicious and needs to be verified more thoroughly. Passkeys for Google accounts can be shared to other devices from the operating system using services like iCloud or password managers like Dashlane and 1Password (expected in “early 2023”), and they can be stored on any hardware that is compatible, such as iPhones running iOS 16 and Android devices running Android 9.

You can still temporarily access your Google account by using someone else’s device. If you choose to “use a passkey from another device,” you will only be able to sign in once, and the passkey won’t be transferred to the new hardware. Google cautions that you should never create passkeys for a shared device because doing so would allow anyone with access to that device to access your Google account.

In the Google account settings, users can immediately revoke passkeys if they believe someone else is able to access the account or if they lose the only device that held the passkey. Passkeys can be used in place of traditional physical security keys by Google users who are enrolled in its Advanced Protection Program, which is a free service that provides additional security protections against phishing and malicious apps.

Andrew Shikiar, executive director of the FIDO Alliance, said in a statement, “We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys. I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.”

Since the widespread adoption of passkey support is likely to take some time, Google accounts will continue to support password-based login methods for the foreseeable future. People who might not currently have access to a device that supports biometric authentication have time to switch to the new technology as a result of this. Google, on the other hand, seems to be planning a complete switch to passkeys by urging users to do so right away and stating on its blog that it would investigate other sign-in options “as passkeys gain broader support and familiarity.”

With iOS 16, Apple made it possible for users to use the technology across all of its apps, including Apple Wallet. In October 2022, passkey support was made available for Chrome and Android devices; however, the option is now available for all Google accounts, from Gmail to Drive.

Google’s smaller passkey implementations precede today’s announcement. Google’s Chrome browser added passkey support in December of last year, but passkey-supported websites and services are still relatively uncommon. This makes it difficult to completely eliminate passwords at this time. There is a page on 1Password that lists sites and services that support passkeys. Hopefully, the technology for authentication will be adopted more quickly now that companies like Google are more open to a passwordless future.

Google will keep on supporting passwords and two-factor authentication as other account access options.