Google introduces Passkeys for a passwordless future, boosting online security and convenience.

Google is taking a major step towards a passwordless future by introducing passkeys for Google accounts on all major platforms. The solution requires a pre-authenticated device and offers a safer and more convenient alternative to traditional passwords and other sign-in systems like 2FA or SMS verification. Passkeys can be authenticated using a local PIN or a device's biometric authentication, such as a fingerprint or Face ID, and they only exist on the user's devices. This ensures greater security and protection, as no password could be stolen in a phishing attack.

Users can add a passkey to their Google account, and the platform will prompt for it when signing in or when it detects potentially suspicious activity that requires additional verification. Passkeys for Google accounts are stored on any compatible hardware, such as iPhones running iOS 16 and Android devices running Android 9. They can be shared to other devices from the OS using services like iCloud or password managers like Dashlane and 1Password, expected to arrive in "early 2023."

While users can still use someone else's device to temporarily gain access to their Google account by selecting the "use a passkey from another device" option, this creates a one-time sign-in and won't transfer the passkey over to the new hardware. Google recommends that users should never create passkeys on a shared device because anyone who can access and unlock that device can access their Google account.

Users can immediately revoke passkeys in the Google account settings if they suspect that someone else can access the account or if they lose the only device that stored the passkey. Those enrolled in Google's Advanced Protection Program, a free service that provides additional security protections against phishing and malicious apps, can choose to use passkeys in lieu of their usual physical security keys.

Andrew Shikiar, executive director of FIDO Alliance, commented on Google's announcement, saying that he is thrilled with it and that it will dramatically move the needle on passkey adoption due to Google's size and the breadth of the actual implementation, which essentially enables any Google account holder to use passkeys. He also thinks that this implementation will serve as a great example for other service providers and stands to be a tipping point for the accelerated adoption of passkeys.

Although passkey support is not yet widely adopted, Google accounts will continue to support existing login methods like passwords for the foreseeable future. This gives users who may not currently have access to a device that supports biometric authentication time to transition over to the new technology. However, Google is planning to eventually transition entirely to passkeys by encouraging users to make the switch now and stating in its blog that it would scrutinize other sign-in methods "as passkeys gain broader support and familiarity.

Google's announcement follows smaller passkey implementations by the company. Google's Chrome browser gained passkey support in December last year, but passkey-supported sites and services are still relatively rare. 1Password has a page indicating which sites and services support passkeys. Hopefully, the authentication tech will be more rapidly adopted now that companies like Google fully embrace a passwordless future.

In conclusion, Google's introduction of passkeys for Google accounts on all major platforms is a significant step towards a passwordless future. Passkeys offer a safer and more convenient alternative to traditional passwords and sign-in systems like 2FA or SMS verification. The authentication tech is not yet widely adopted, but Google's implementation is expected to accelerate its adoption and encourage other service providers to follow suit. By switching to passkeys now, users can enjoy greater security and protection for their Google accounts.