The new passkey solution aims to offer enhanced security while eliminating the need for traditional passwords.
- Google introduces passwordless passkeys across all platforms for Google Accounts, providing a more secure method for signing in to apps and websites without traditional passwords.
- Passkeys are stored locally on devices and use biometrics or local PINs, eliminating the need for two-factor authentication and offering better protection against phishing and other online attacks.
- While Google plans to continue supporting existing login methods like passwords and two-factor authentication, it advises against creating passkeys on shared devices to maintain security protections.
Google has started implementing passwordless passkeys across Google Accounts on all platforms, following the addition of passkey support to its Chrome browser five months ago. Passkeys, supported by the FIDO Alliance, provide a more secure method for signing in to apps and websites without using traditional passwords. Users can access their accounts by simply unlocking their computer or mobile device with biometrics, such as fingerprint or facial recognition, or a local PIN.
Google highlighted that passkeys are more secure than methods like SMS one-time codes, as they are resistant to online attacks such as phishing. Passkeys are stored locally on the device and not shared with any other party, eliminating the need for two-factor authentication. Because the passkey is stored locally, signing in with it confirms that the user has access to the device and can unlock it.
Users can create passkeys for every device they use to log in to their Google Account. A passkey created on one device, like an iPhone, will be available on other devices if they are signed in to the same iCloud account. Both Google Password Manager and iCloud Keychain employ end-to-end encryption to keep passkeys private, which prevents users from being locked out if they lose access to their devices and makes device upgrades easier.
For temporary usage or signing in on a new device, users can choose the option to “use a passkey from another device.” This method uses the phone’s screen lock and proximity to authorize a one-time sign-in. The new device verifies the phone’s proximity via a small anonymous Bluetooth message and establishes an end-to-end encrypted connection to the phone over the internet.
Google plans to continue supporting existing login methods like passwords and two-factor authentication for the foreseeable future, despite the introduction of passkeys. The tech giant also advises users against creating passkeys on shared devices to maintain the security protections provided by the passwordless solution.