What you need to know
- Google has begun switching to a passwordless sign-in across all major platforms for all of its services.
- Passkeys are now being offered as an optional security method when logging in to your Google account on multiple devices.
- The search giant notes that the new security feature will help reduce the attack surface for phishing campaigns.
It's no secret that passwords are easy to forget and susceptible to various attacks, including brute force and phishing campaigns. That’s why companies like Google have been rushing to replace them with passkeys as a more secure alternative, requiring only biometric data to unlock your device. Google is now taking that effort a step further by implementing passkey as an additional option when signing in to your account across all of its services on all major platforms.
This means that you won't need to keep typing in your password each time you log in to your Google account on any of your devices. Passkeys use a cryptographic approach that requires only key pairing, in which one key is public and registered with Google's servers and the other is private and locally stored on your devices.
"When you add a passkey to your Google Account, we will start asking for it when you sign in or when you perform sensitive actions on your account," Google wrote in a blog post. The search giant notes that passkeys will then try to verify your identity during sign-in by asking for your screen lock biometrics or PIN.
It's part of Google's broader effort to make passwords a thing of the past and promote a passwordless experience as the next big thing in online security. In October of last year, Mountain View rolled out passkey support for Android and Chrome, enabling passwordless sign-ins across apps and websites, regardless of platform. In Android 14 Developer Preview 2, Google also introduced a new API for making app login much more secure and seamless without the use of passwords.
For the time being, passkeys are only an option, and Google's apps and services still support passwords. In the long term, the goal is to help protect users from various attacks that leverage the weakness of passwords, such as phishing campaigns.
"While we encourage users to make the switch to passkey for both their safety and convenience, we’re adding it as one of the many options you have for signing in to Google," the company stated. "All the existing methods, including your password, will still work in case you need them, for example when using devices that don't support passkeys yet."
While the private key only resides on your devices, Google says your phone's operating system, such as Android, or any of the top password managers syncs it to all of your devices.
Google notes that passkeys are still in their early stages, acknowledging that it will be a while before they become universal.