Passkeys are now the default sign-in option for all personal Google accounts. This should greatly increase user security, aspasskeys can’t be brute-forcedand are resistant to phishing or leaks. But the primary benefit is improved convenience—you can log into Google without memorizing a password or going through a two-step verification process. Google will ask you to create a passkey the next time you log into your account, though you can continue using traditional passwords if that’s what you’d prefer.
The idea here is pretty simple. When you tell Google that you want to use passkeys, it will generate apairof cryptographic keys. One of these keys, called the “private key,” is saved to your computer or smartphone and protected by biometrics, a PIN, or a password. But the other key is “public” and stays in Google’s hands. Only the private key can unlock the public key. So, if someone wants to hack your Google account, they must have physical access to your phone or computer. They must also find a way to subvert whatever authentication systems (biometrics, PIN, password) are enforced by your device’s passkey manager.
Nobody knows your private key—you don’t know your private key, and Google doesn’t either. If Google is hit by a huge data breach, the hackers will only walk away with public keys. And if a fraudster tells grandma to share her login details, she’ll have nothing to share.
Note that passkeys aren’t some proprietary Google-only thing. The passkey standard was developed by theFIDO Alliance. All major technology companies, including Apple, Google, and Microsoft, contributed to this standard and have implemented a passkey manager in their respective operating systems. There are also several password managers, including1Password, that now support passkey functionality. You’re free to transfer passkeys from one platform to another, and most passkey managers offer device syncing (meaning that both your phone and computer will contain your passkeys). you’re able to alsoshare passkeyswith friends or family.
Clearly, passkeys provide a more convenient sign-in process while also boosting user security. But Google is one of the first companies to really push passkeys on its users. At the time of writing, only75 apps and websitesoffer passkey sign-in. It may take several years for passkeys to fully replace passwords.
We suggest that you enable passkeys on your Google account. Even if you don’t care about increased user security, passkeys are the future. Get familiar with passkeys before they’re required by every app and website. Google will ask you to set up a passkey the next time you log in, though you canmanually enable passkeysif you’re in a rush.
