Say goodbye to passwords, and hello to passkeys.
Nearly a year after tech titans Google, Apple, Microsoft, and the FIDO Alliance joined forces to usher in a passwordless future, Alphabet’s Google announced that passkeys are now coming to Google account users. Starting today, they can create and use passkeys on their Google accounts, bypassing the two-step verification process and passwords, when they sign in. Passkeys are coming to Google accounts on all major platforms, even though Google accounts will continue to support existing login methods like passwords for the foreseeable future.
Google’s adoption of passkeys is expected to encourage other major tech companies to follow suit and adopt stronger security measures to protect users’ accounts. This technology could become the new industry standard for online authentication, providing users with a more secure and reliable way to access their online accounts. This method also eliminates the need for traditional passwords and provides an extra layer of security – unlike passwords, they cannot be created manually or written down on a piece of paper and are instead generated by the device itself. Furthermore, passkeys let users sign in to apps and sites the same way they unlock their devices, whether it be via biometric measures or a screen lock PIN. Passkeys have already been integrated by Apple – the iPhone maker integrated it into iOS with the launch of iOS 16, and the feature is also available in iPadOS 16.1 and macOS Ventura.
“For some time we and others in the industry have been working on a simpler and safer alternative to passwords. While passwords will be with us for some time to come, they are often frustrating to remember and put you at risk if they end up in the wrong hands,” Google wrote in its blog post. It added that it has already brought updates to bring passkey experiences to Chrome and Android alike. While users across the globe can already use passkeys over passwords to further safeguard their accounts from phishing attempts, administrators of Google Workspace accounts will have to wait for some time before they can enable passkeys for their end-users during the sign-in process.
Those who are interested in creating a passkey need to log in to their Google account and then choose the “Create a passkey” option. If they are signing in with a new device, they need to select the option to “use a passkey from another device” and follow the prompts. While it does not transfer the passkey to the new device, it uses the phone’s screen lock and proximity to approve a one-time sign-in. In case a device is lost, the user can revoke Google Account passkeys in Settings.
With the rise of cyberattacks, data breaches, and the vulnerabilities of password-based security, the need for strong and secure authentication methods has become increasingly important. Even though it will take time for passkeys to be widely adopted, it offers a promising solution by reducing the risk of account hacking and improving user safety. By making this technology available to all users on major platforms, Google is taking a significant step towards a more secure online environment. This technology has the potential to greatly enhance user safety and protect accounts from unauthorized access.
Additionally, it provides a secure alternative to traditional passwords and could pave the way for a more secure online ecosystem. As more companies adopt similar solutions, the future of authentication may be moving towards pre-authenticated devices and cryptographic keys.
“We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys,” Andrew Shikiar, executive director of FIDO Alliance, said in a statement. “I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.”
