Google has finally started urging customers to set up Google passkeys on their devices, months after the firm launched support for the secure login method across all of its services. The use of passkeys is part of a bigger movement away from passwords, which are notoriously unsafe, and toward passkeys, a ‘passwordless’ but secure alternative that uses biometric verification to provide access to applications and services on your smartphone and other devices. Google Passkeys may also prevent you from falling victim to phishing while you’re online.
A Google blog post from this past Tuesday explains that you’ll soon be asked to set up a Google passkey in order to access your Google account. A passkey is a secret used for authenticating oneself online, such as a password or a Fast IDentity Online (FIDO) token saved on a mobile device. It does away with the need for passwords entirely by making use of public key cryptography and the biometric features of your mobile device.
After enabling the “Skip password when possible” setting in your Google account, you will be prompted to generate a passkey the next time you sign in. By doing so, a secure passkey will be stored on your device, allowing you to unlock it using biometric information such as your face, fingerprint, or PIN.
In a second blog post, Google says that it has no plans to use passwords in the future and that it also intends to do away with the “Band-Aids” like multi-factor authentication applications and SMS codes that were developed to compensate for the insecurity of passwords. To verify your identity without disclosing the Google Passkeys contents to the server, public cryptography will be utilized in conjunction with the private key kept on your device.
Google Passkeys are more secure than traditional passwords because they eliminate the need for users to create and remember complex passwords for each of their online accounts. Instead, your biometrics and the device you used to store the passkey are used to verify your identity. Some users may worry about what would happen if their device is stolen, therefore passkeys provide an additional layer of verification to prove that you are in physical control of the device.
Google also cites the upcoming addition of Google Passkeys support to WhatsApp (now in beta testing) as evidence of the industry’s growing acceptance of this security measure. Passkey support has just been given out to users on iOS 17 and Android 14, and it has since been added to Uber and eBay. Password management providers have also already integrated support for passkeys.
Google gives you the option to delay converting to Google Passkeys if you’re still unsure about it. To achieve this, go to your Google account settings and turn off the “Skip password when possible” option. The function is enabled by default, so if you don’t want to utilize passkeys with your Google account, you’ll need to deactivate it after signing in.