Google has announced the introduction of passkeys, a cutting-edge cryptographic key solution that eliminates the need for passwords and two-step verification codes for signing in to Google accounts. Passkeys promise to offer increased security and convenience, signaling a major step towards a passwordless future.
The Rise of Passkeys
Promoted by tech giants such as Google, Apple, Microsoft, and members of the FIDO Alliance, passkeys offer a more secure and user-friendly alternative to traditional passwords and sign-in methods like 2FA or SMS verification. Passkeys utilize a local PIN or the device’s biometric authentication, like fingerprint or Face ID, without sharing biometric data with Google or other third parties. Since passkeys are stored exclusively on your devices, the risk of password theft in phishing attacks is greatly reduced.
Using Passkeys for Google Accounts
Once a passkey is added to a Google account, the platform will request the passkey during sign-in or when additional verification is needed due to suspicious activity. Passkeys are stored on compatible hardware, such as iPhones running iOS 16 or Android devices running Android 9, and can be shared with other devices using services like iCloud or password managers like Dashlane and 1Password (expected to be available in early 2023).
Related: Google Passkeys Guide
Temporary Access and Revoking Passkeys
For temporary access to your Google account on someone else’s device, you can choose the “use a passkey from another device” option, which creates a one-time sign-in without transferring the passkey. Google advises against creating passkeys on shared devices, as anyone with access to the device can potentially access your account.
If you suspect unauthorized access to your account or lose the only device with your passkey, you can immediately revoke the passkey in your Google account settings. Users enrolled in Google’s Advanced Protection Program can opt for passkeys instead of their usual physical security keys.
The Future of Passkeys
Andrew Shikiar, executive director of the FIDO Alliance, expressed excitement about Google’s announcement, stating that the widespread implementation of passkeys by Google would serve as an excellent example for other service providers, potentially accelerating the adoption of passkeys.
As it may take time for passkeys to become universally supported, Google accounts will continue to support existing login methods like passwords for the foreseeable future. However, Google plans to eventually transition entirely to passkeys and is encouraging users to make the switch now while it evaluates other sign-in methods for potential phase-out as passkeys become more familiar.
Google’s introduction of passkeys to its platform marks a significant milestone in the move towards a passwordless future. As more sites and services adopt this new authentication technology, the online world can look forward to enhanced security and convenience.