Google Chrome killing passwords with passkeys — here's how to use them

A Google Chrome logo displayed on an Android smartphone resting on an orange and red surface
(Image credit: Shutterstock)

After announcing that passkey support was coming to Android and Chrome back in October, the new feature is now available in the latest version of Google’s browser (Chrome Stable M108).

The move is part of the search giant’s continued efforts to move away from passwords and towards passwordless authentication instead. However, Google isn’t alone in this endeavor and both Microsoft and Apple have also added passkey support to their respective operating systems. (If you’re an Apple user, this is how to set up passkeys on iPhone, iPad and Mac.) 

Before you go replacing all of your passwords with passkeys though, it’s worth learning a bit more about this new technology along with its benefits and downsides. This way you can decide if you want to ditch your passwords for good. However, even without switching to passkeys, you can still improve your password security by using one of the best password managers

Passkeys vs passwords

Even if you come up with a strong, complex password that uses a combination of uppercase and lowercase letters as well as numbers and symbols, it could still be stolen by hackers — either directly through phishing or indirectly as the result of a data breach. Google has been working for years now to make passwords more secure through both 2-Step Verification and Google Password Manager.

Unlike a traditional password, passkeys can’t be reused across accounts, stolen in phishing attacks or leaked as the result of a data breach. They also work across different operating systems and browsers and can be used with both websites and apps.

Things to consider before setting up passkeys

In order to use passkeys in Chrome, you first need to enable on-device encryption on either Android or iOS. Doing so encrypts the passwords on your smartphone before they’re saved to Google Password Manager.

On-device encryption warning messages in Chrome

(Image credit: Future)

While you may be eager to try out passkeys now that they’re supported in Chrome, enabling on-device encryption does come with several caveats. For instance, once on-device encryption is set up, it can’t be removed. Also, some of the sites and apps you regularly use won’t be able to sign you in automatically. You will also need to enter your Google password to unlock your passwords on every new device you use.

If these caveats aren’t a deal breaker, this is how passkeys work in Chrome along with some tips to help you get started.

How to use passkeys in Chrome

Once on-device encryption is enabled in Chrome, you’ll be able to create new passkeys and use them to sign into any site or app that supports them. However, when you sign in with a passkey, you will have to authenticate your account in the same way that you unlock your smartphone.

For those running the latest version of Chrome, passkey support is now enabled on Windows 11, macOS and Android. If you’re using one of the best Android phones, your passkeys will be securely synced through Google Password Manager though Google plans to add support for any password manager that supports passkeys in future versions of Android.

How to create a passkey in Chrome

(Image credit: Google)

In order to create a new passkey for one of your online accounts, you’ll need to confirm the account information and then present your fingerprint or face when prompted to do so. However, you can also use the PIN that you use to unlock your smartphone. 

How to use a passkey in Chrome

(Image credit: Google)

Signing in using your new passkey is just as simple. Just like with passwords, Google uses autofill for passkeys. When you try to sign in, a prompt will appear asking you if you want to use your password. After clicking on “Continue”, you’ll then need to use your fingerprint or PIN to sign in to your account.

How to sign in with a passkey on desktop in Chrome

(Image credit: Google)

Passkeys wouldn’t be a great password replacement if they didn’t work on your computer and fortunately, they can also be used to sign into websites on your PC or Mac. In this scenario, a securely generated QR code appears in your browser and you then need to use your smartphone to scan it. This lets you use the passkey stored on your smartphone.

Another upside to using passkeys instead of passwords is that there’s nothing to leak since a new QR code is generated each time you go to login.

How to manage your passkeys in Chrome

How to manage your passkeys in Chrome

(Image credit: Google)

With Chrome M108 running on your desktop or laptop, you can manage all of your passwords from within Google’s browser on either Windows or macOS. To do so, click on the three dots menu at the top right of Chrome and head to settings. In the “Autofill” tab, you can manage all of your passkeys.

Is this password really dead?

A hand holding a phone securely logging in

(Image credit: Google)

Unlike with other new technologies, all of the big tech giants have been working together to roll out passkey support to their respective operating systems and browsers. As such, it looks like passkeys really do have a chance when it comes to replacing passwords.

However, you likely won’t be able to use passkeys for all of your accounts. For instance, your Google Account will still need its own unique password and this will likely be the case for your Apple and Microsoft accounts as well. Still, passkeys can be really useful when logging into third-party accounts and this is especially true for your more sensitive accounts like your bank account and other financial services.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.