Users will soon be able to log in to their Google account without ever needing a password at all, the company has revealed.
Instead, Google is going all-in on passkeys, cryptographic keys that are stored on your device with zero-knowledge - not even you know what they are. They allow you to log in to certain accounts with no password at all; all you have to do is authenticate with your device's PIN or stored biometric data, such as your fingerprint or face.
BestBuy, PayPal and eBay are among only a handful of prominent services that currently allow their customers to login to their accounts with passkeys, and now Google is set to join them.
Passkeys over passwords
Passkeys are part of the FIDO alliance, which sets the technologocial standards for them. Members of the alliance include all the major tech players: Apple, Amazon, Google and Meta.
They are claimed to be safer as they are phishing resistant, and more convenient since nothing has to be remembered by the user. Traditional 2FA methods are also no longer needed. The biometric data you use to authenticate also isn't shared with Google or any other third parties.
You'll receive a prompt to use your passkey to access your Google account once you have added one, and also if any suspicious activity is detected to verify your identity. Passkeys are compatible on iOS 16 and Android 9 devices, and can be shared to other devices via the cloud, or by using Dashlane (in our opinion the best password manager overall) or 1password (the best for families). Some other password managers can also store passkeys, or will acquire this functionality in future versions.
There is also an option to use a passkey from another device that isn't your own, allowing you to log in using a one-time passkey that won't transfer over to your own device. Google warns that you should never create passkeys on a shared device since any other user can login to your Google account.
Passkeys can also be revoked if users suspect someone else is using them to access their account or if they lose the device they are stored on. Those in Google's Advanced Protection Program can also use passkeys instead of their usual physical security keys.
Google account holders can still continue to use their password if they wish, and it will likely be while until Google transitions to passkeys exclusively, since widespread adoption is still a way off.
“We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys,” said Andrew Shikiar, executive director of FIDO Alliance.
He added, “I also think that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.”
- Still using passwords at work? We've rounded up the best business password manager
