Google has announced that it has begun prompting users to set up passkeys on their devices, months after the company added support for the secure login mechanism across its services. The switch to passkeys is part of a larger trend of moving away from passwords that tend to be insecure, to passkeys — a ‘passwordless’ but secure alternative that allows you to login to apps and services using biometric authentication on your smartphone and other devices. Passkeys are also resistant to phishing, which means they should keep you safer while browsing the Internet.
According to a blog post published by Google on Tuesday, you will soon be prompted to create a passkey, which will be used to streamline the process of logging into your Google account. A passkey is a Fast IDentity Online (FIDO) secret that is stored on a device like a smartphone or a password that can be used to log in to websites, services, and apps. Instead of relying on passwords, it uses public key cryptography and biometric authentication on your smartphone.
A new option called “Skip password when possible” will be enabled in your Google account, and the company will prompt you to create a passkey when you attempt to sign in to your account in the future. Doing so will save a passkey to your device that can be used securely — using a form of authentication, such as facial recognition, a fingerprint scan or a device PIN to authenticate your identity.
In a separate post, Google explains that the company plans to completely eliminate passwords in the future, along with what it calls “Band-Aids” that were created to make up for insecure passwords like multi-factor authentication apps and SMS codes. The private key stored on your device will be used in tandem with public cryptography to confirm your identity, without actually revealing the contents of the passkey to the server.
Passkeys are also safer than regular passwords because they don’t require users to remember long and unique passwords for various web services. Instead, the system uses two components to authenticate — your device, where the passkey is stored, and your biometrics. This means that passkeys also offer a second form of authentication that confirm you are in possession of your device — as some users might have concerns about what happens if their device is stolen.
Google also points to wider adoption of passkeys by the industry, citing WhatsApp Head of Product Alice Newton-Rex stating that support for passkeys is coming to WhatsApp — the feature is already in beta testing. Uber and Ebay have also added support for passkeys, while password management services have already built support for passkeys, alongside iOS 17 and Android 14 that were recently rolled out to users.
If you’re not sure about switching to passkeys right away, Google will allow you opt out of using the feature — for now. You can do this by disabling the “Skip password when possible” toggle in your Google account settings. It’s worth remembering that the feature is enabled by default so you will have to manually disable after logging in to your Google account, if you don’t want to use passkeys with your Google account.