Google Passkeys are now a default sign-in option for Google account holders – and they’re significantly more secure than passwords.
Google account holders will now be prompted to create and use passkeys when they sign into their accounts, which the tech giant says is a “simpler and more secure way to sign into your accounts online” compared to regular password security.
Google initially launched support for passkeys in May 2023, and after positive feedback, it has been upgraded to the default sign-in method.
Passwords aren’t going to disappear tomorrow, nor is multi-factor authentication. However, moves like this take us further toward a passwordless future, one step at a time.
What Is a Passkey?
A Passkey allows users to harness biometric sensors like face scans and fingerprints – or a preset PIN – to log in, rather than relying on a long, complicated password. It is stored on your computer or phone.
Passkeys are made secure via “public key cryptography”. Proof that a given credential is yours is only provided when you unlock your phone with your biometric data or PIN – the passkey itself is never actually revealed to the server, rather, it just confirms that you have it.
How To Set Up and Use Google Passkeys
As previously mentioned, if you’re a Google account holder, you’ll now be prompted to use a passkey when you sign into your Gmail or Google account.
All you’ll have to do is follow the instructions and choose what kind of passkey you’d like, something that will be constrained to an extent by your device’s capabilities. If you have an iPhone, for instance, you could make your passkey your fingerprint – although you may not be able to do this on a laptop (but you could use a PIN). Either way, it only takes a couple of minutes.
You can also head over to your Google account settings and toggle on a “skip password when possible” option. If you choose to set up a passkey upon sign-in, however, this will be changed for you automatically.
Don’t worry – it’s possible to opt out at a later time if you try out the feature and decide you’d like to revert to using your passwords to log in.
Other Technology Giants Switch to Passkeys
Google might be the first big name to try and push passkeys as the default way to sign into accounts, but they’re not the only big tech company sold on the idea of a passwordless future.
In May 2022, Apple and Microsoft joined Google in committing to expanding support for a new standard for sing-in created by the FIDO (Fast IDentity Online) alliance. Uber and eBay now also provide passkey-based sign-in options.
“While password managers and legacy forms of two-factor authentication offer incremental improvements,” FIDO says, “industry-wide collaboration to create sign-in technology that is more convenient and more secure” is leading us into a new era of account security.
Is this the End for Passwords?
“While [passkeys are] a big step forward, we know that new technologies take time to catch on,” Google admits. “So passwords may be around for a little while.”
However, options like passkeys are certainly going to give them a run for their money sooner rather than later.
“Passkeys will replace passwords,” reads a recent post by Eben Carle on Google’s “The Keyword”. “It’s even broader than that. I’d say our vision for passkeys is to not only get rid of passwords but also eliminate all the Band-Aids the industry has designed to make up for the fact that passwords are so vulnerable.”
In 2023, only sufficiently long, complex, and unique passwords are considered secure – and even then, they can still be extracted during a data breach.
It will take hackers just seconds to crack a password that doesn’t satisfy these crucial conditions, which is why it’s also important to have multi-factor authentication activated wherever you can.
The best password managers that deploy zero-trust infrastructures are, of course, still more secure than simply re-using a password across multiple accounts. However, recent high-profile cyberattacks that have hit LastPass have called the tech’s security credentials into question.
For Google, password managers are just another “Band-Aid” staving off the inevitable. Passwords becoming a thing of the past isn’t a matter of if – it’s a matter of when.
