Google is killing passwords and replacing them with passkeys — what you need to know

A picture of the Google headquarters
(Image credit: Shutterstock)

Google has announced that it has begun rolling out passkey support for all Google accounts in an effort to further secure them from password reuse, phishing and being stolen by hackers.

After setting up passkeys with your Google account, you’ll no longer need to enter your password or use 2-step verification when logging into Gmail, Google Drive, Google Docs and the search giant’s other products according to BleepingComputer.

In a blog post announcing the roll out, Google Product managers Christiaan Brand and Sriram Karra explained that the change “means users can now take advantage of passkeys across Google Services for a passwordless sign-in experience”.

Unlike passwords which you need to remember or store in one of the best password managers, passkeys are linked to your computer, tablet, smartphone or other devices once they’ve been added to your Google account. They allow you to access your account  by unlocking your device using a PIN or biometrics like your fingerprint or facial recognition.

What makes passkeys better than passwords

Holographic login above laptop keyboard

(Image credit: Song_about_summer / Shutterstock)

The best thing about passkeys is that each one is a unique digital key that can’t be reused which can make a huge difference when it comes to fighting phishing attacks. Likewise, since they’re stored in an encrypted format on your devices instead of on a company’s servers, they also can’t be leaked online following a data breach.

By using biometric authentication, PINs or patterns for signing in, you also won’t need to create strong, complex passwords or have to remember them. Passkeys rely on a public key and a private key to work. While the public key is stored on a company’s servers, the private key remains on your devices and can’t be easily stolen.

When you login using a passkey instead of a password, the only information shared with Google is the public key along with the signature used to verify your private key. Fortunately, neither contains any of your biometric information.

If you do happen to lose the device that has your passkeys on it, don’t worry as passkeys are backed up and synced to the cloud. In order to recover them, you just need to provide the lock screen PIN, password or pattern from your old smartphone.

How to set up passkeys for your Google account

A picture showing how passkeys work with Google accounts

(Image credit: Google)

At the moment, Google is offering passkey support as another sign-in option when logging into your Google account. However, as the transition to only using passkeys will take time, passwords and two-step verification will still work for Google Accounts.

Passkeys are now generally available and if you want to try them out for yourself, you can do so here. However, you won’t have the option to use them with your work account just yet as they still aren’t supported with Google Workspace accounts. When passkeys do become available for Google Workspace, an administrator at your company will need to enable them before you can use them.

Now that Google, Microsoft, Apple and many other tech giants have fully embraced passkeys and have begun rolling out support for them, we could see passwords disappear almost entirely over the next few years.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS
  • Laisha
    Oh, good! I wonder if they will be willing to put a chip in my right hand or forehead in order to enhance their knowledge of my every move.
    Reply
  • Smoog
    What an absolutely terrible idea.
    Reply
  • mark_887797
    Tom's used to be credible and a good site. Now it's just hyperbole and clickbait.

    Whatever you use to safeguard your info and access to it, it's still a password. You can call it anything you want like pass keys but it's still a password which requires record keeping. Only biometrics can kill passwords. Capice?
    Reply
  • mark_887797
    Smoog said:
    What an absolutely terrible idea.
    I wouldn't necessarily say it's a bad idea. It's certainly not a good one. Most people these days use a password manager like 1Password, Bitwarden, or Roboform although many financial institutions don't want you too. And worst of all, banks aren't switching to pass keys anytime soon. Instead, they insist you manually enter a 12 or 28 character password while blocking the paste feature or password manager when creating it.
    Reply
  • mark_887797
    Laisha said:
    Oh, good! I wonder if they will be willing to put a chip in my right hand or forehead in order to enhance their knowledge of my every move.
    You mean like the chip in vaccines? Lol
    Reply