Google has announced that users can now create and use Passkeys for their personal Google accounts thereby eliminating the need for a password or two-step verification when they sign in.
Passkeys are safer and a more convenient alternative to passwords, and they work on all major platforms and browsers. It’s hard to remember passwords and constantly change them every few months. In addition to that, even the most tech-savvy users have been misled into giving away passwords during phishing attempts. Two-factor verification adds another security layer to the account on top of a password and its dynamic nature makes it a safer bet. However, it again puts strain on the user with additional, unwanted friction and doesn’t help in more sophisticated attacks such as SIM swaps.
On the other hand, using Passkeys eliminate all such troubles. When users add a passkey to their Google account, they will be asked for it when they sign or perform sensitive actions on their account. The passkey itself is stored on the user’s local computer or mobile device, which will ask for their screen lock biometrics or PIN to confirm it’s really them. Biometric data is never shared with Google or any other third party.
One important functionality of passkeys that make them desirable is that they cannot be written down or accidentally given to a bad actor. They can only exist on the user’s devices. When a user uses a passkey to sign in to their Google Account, it proves to Google that they have access to their device and are able to unlock it. Passkeys protect against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach.
Google has made it clear that users do not have to use their phones every time they sign in. If you muse multiple devices, you can create an individual passkey for each device. In addition to that, several platforms like iPhones can back your passkey and then sync them to other Apple devices.
In case, you lose your device, you can immediately revoke the passkey in your account settings and if your device supports it, can remotely wipe it as well.
Users can start using passkey on their personal Google Account by visiting g.co/passkeys.