Say goodbye to Google passwords and hello to Google Passkeys

The tech giant Google is incorporating a new security feature called passkeys into its devices and platforms. Using a passkey means that anytime you’d traditionally be prompted to put in your Google account password, you’ll instead be able to securely authenticate yourself via a face identification system or fingerprint scanner.

This new way of logging in promises to help prevent your login information from being stolen and keep your privacy safe from scammers. Also, the end goal is for the experience of logging in with a passkey to be easier than doing so with a password.

What is the difference between a password and a passkey?

A password is a combination of letters, numbers and symbols that you use to log into an account. The problem that has always been inherent with passwords is that hackers have found ways to steal them, especially if a person uses the same password across multiple accounts. Two-step verification was then created to help add an extra layer of security, but even this feature isn’t always foolproof.

With a passkey, Google users will no longer have to worry about remembering complicated passwords or using two-step verification. With passkeys, you can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing you from having to remember and manage passwords. Passkeys are linked to all your devices added to your Google account.

Passkeys address two major issues associated with passwords, namely, phishing and data breaches. Passkeys offer more security than passwords because they are not reused across multiple sites like passwords often are, which reduces the potential damage if the credentials are stolen. While not perfect, passkeys are anticipated to be an improvement over the current state of security of passwords.

Are passkeys safe to use?

Yes, passkeys are a safer and easier replacement for passwords. They also significantly decrease the chances of your information being leaked in a data breach. With passkeys, your biometric information is never revealed to the website or the app. Your biometric material never leaves your personal device.

And if you’re worried about Google having access to your facial and fingerprint data, you don’t have to be. When you log in with your passkey, only the public key and the signature used to verify your private key will be shared with Google, and neither of these safeguards contains your facial or fingerprint data.

How a passkey works on Google

When you add a passkey to your Google account, Google will start asking for it when you sign in or perform sensitive actions on your account. The passkey itself is stored on your local computer or mobile device, which will ask for your screen lock biometrics or PIN to confirm it’s really you. Biometric data is never shared with Google or any other third party – the screen lock only unlocks the passkey locally.

Should I still be using a password manager?

Passkeys aren’t necessarily replacements for password managers. In fact, a drawback to using a passkey is that it relies on passkey issuers like Google operating without any technical glitches, which is not the real world.  When Google cannot validate a passkey, you run the risk of being locked out until it can.

It will be some time before every website supports passkeys, so you’ll still need traditional passwords for the near future. Passwords and two-step verification are also still available to use for your Google accounts and devices, as the company has not made the full transition to only using passkeys yet.

How do I set up my passkey for Google?

  • Go to g.co/passkeys and log into your Google account
  • Click +Create a passkey 
  • Click Continue
  • Use your Fingerprint, face, screen lock, or hardware security key to create the passkey
  • Click Done

Final thoughts

Google’s new passkey feature promises to enhance the security of logging in by eliminating the need to remember complicated passwords and reducing the risk of phishing and data breaches. Again, passkeys are safe to use and are now available for logging into various Google features, including Gmail and Google Docs. However, since passkeys are not yet available on all websites, it is recommended that you still use password managers to keep track of all your passwords and two-step verification for your Google accounts and devices, as the company has not made the full transition to only using passkeys yet.