Google has made a stride towards a password-free future by integrating passkeys directly into Google Accounts. The change means you no longer need to memorize a strong and unique password to protect your Google data, nor do you need two-factor authentication as a backup in case someone steals your password. It’s the best of both worlds, and it’s available for your Google Account right now.
What are passkeys?
Passkeys are an industry-wide replacement for passwords. Instead of signing in with a password, you create a passkey that’s unique to your device, such as your Mac, PC, or smartphone. Then you use the on-device authentication to log in to your account, including methods like Face ID, fingerprint scanning, PIN lock, a device password, or even a physical biometric authentication device.
When you create a passkey, a private cryptographic key is created on your device, and a corresponding public key is sent to Google. When Google receives an account sign-in request, it pings your device to see if the keys match. The only way to do this is to approve the action with your device’s authentication, so bad actors can’t hijack the process without having physical access to both the device and the authentication process, making it more important than ever to keep your phone’s passcode a secret.
So long as you keep your devices on-hand and their authentication methods secure, passkeys are a breath of fresh air. They mean you don’t need to worry about passwords and 2FA. Signing into your Google Account is as simple as buying something with Apple Pay or Google Pay. The more accounts you use passkeys for, the easier (and more secure) your digital life becomes.
In the future, when you switch to a passkey, your account passwords will stop working; but to ease the transition, companies like Google let users rely on a password as a backup. If you’re worried an old computer won’t support any biometric authentication, you can still fall back on your password.
How to create and use passkeys on your Google account
Passkeys are stored locally on supported devices. If you’re on Apple devices, you’ll need an iPhone running iOS 16, and a Mac running macOS Ventura or higher. Android phones running Android 9 and higher are supported, as are PCs running at least Windows 10.
Passkeys also support cross-device authentication. Let’s say you have a passkey stored on your iPhone or Android, you can use that to authenticate logging in to a browser on Windows without using a password. Because this is essentially a master password, only create a passkey on a computer that you use. Google recommends you avoid using passkeys on shared devices.
To start, visit Google’s new Passkeys page. Log in with your password and click Create a passkey. From the popup, click Continue to create a passkey on the current device. Next, choose your account, and click Continue again.
The device’s authentication will show up. This will depend on your computer or smartphone, but you can use your device password, Face ID, or PIN to authenticate. Then click Done to confirm. You can follow the same process on another device to create a new passkey, but it’s especially useful if you’re an Apple user. If you create a passkey for Google on your iPhone and save it to your iCloud account, you can then use the same passkey on all your Apple devices (Mac, iPhone, iPad) as long as you’re logged in to the same iCloud account—no need to redo the whole process.
[The Verge]