The future is passkeys, not passwords: Google accounts is the latest to make the switch, following similar movements through Apple and Microsoft in the last two years (with other smaller names also making the switch). This means more convenience and more security for your account, and no need to remember many long passwords.
Essentially, a passkey means that the device you’re using (usually your phone or laptop) verifies your identity with whatever screen lock is in place—PIN, facial recognition, fingerprint sensor—proving that you are who you say you are. In simple terms, the technology you use to unlock your phone becomes the technology you use to access your digital accounts, too. They replaced the two-step verification as well as the password, and it worked with hardware keys.
Unlike passwords, passkeys can’t be written or leaked on the web—they’re tied to your device. Google describes passkeys as “the future of secure sign-in, for everyone”, and if you want to make the switch now, we’ve outlined the steps required below.
What are passkeys?
Passkeys have two parts: A public passkey stored on the site or app you log in to, and a private passkey stored on your specific devices. For this private passkey to be used for authentication, you need to prove your identity: This is where the technology to unlock your phone or laptop (such as reading a fingerprint or requesting a PIN) comes into play.
These private passkeys are kept encrypted and secure on individual devices. They cannot be predicted, or downloaded from a web server, or written. In addition, because of the two pairs that make up the passkey, you won’t be tricked into logging into a site or app that isn’t what it pretends to be (like a fake bank website trying to dissemble you with your login credentials.
As far as the user-facing experience is concerned, when logging into a site or app on a new device, you’ll be given the option to switch to a passkey method, which will be used by default the next time the authentication. Authentication is usually only required when logging in to new sites and apps on new devices—once you’re logged in, you’re logged in.
Passkeys can be synced between devices, but currently this only happens on Android, Windows, and iCloud—for example your credentials between iPhones and Macs, but not from your iPhone to your Windows laptop, or from your iPhone to your Android. tablet The process of setting up new devices on other operating systems includes a few more steps involving QR codes and Bluetooth, but it won’t take long.
So what happens if you lose your phone or laptop? Like today’s password managers and password syncs, the idea is that you always have multiple devices allowed, so you can use another gadget to verify your identity (and put a spare phone or laptop). If you lose all your devices with passkeys, then you’ll have to go back to old methods to regain access to your accounts—passwords, recovery email addresses, and phone numbers.
How to set up passkeys for your Google account
You can choose to create a passkey every time you sign in to Google from a new location, but that’s probably the easiest way to go. your Google account on the web, then select Security and Start using passkeys. You may find that some of your devices have started generating passkeys, if you want to use them. Click Use passkeys to make these keys and switch from passwords to these devices.
You can also click Create a passkey to generate a passkey pair for the device you are currently using. Make sure to only do this on devices that only you have access to – anyone who gets past the device’s screen lock can get into your Google account (which is how it now works with passwords too, if you’re already logged in . in).
Now, whenever you need to log in to your Google account in a new app or site, you can use a passkey and the authentication built into your device (for example the Touch ID sensor on a MacBook Pro)—no password. required. The same prompt will appear when you make important changes, such as editing the security settings for your Google account. You can retrieve passkeys from your Google account page if you lose an authorized device and think someone else might be able to get past the screen lock.
While it’s still early days for passkeys, support for them should spread over time—major password manager tools, for example, are expected to start adding passkey support in the near future. Over time, switching between devices and platforms and browsers should become more straightforward.
It’s important to note that this doesn’t make your password redundant, at least not yet—so you should either remember it or store it somewhere. Your password can still be used as a backup option if a passkey doesn’t work, for example, or to recover your account if necessary. Over time, Google is betting that most people will prefer the simplicity and ease of use of passkeys.