Passwords are a vulnerable method for security, and as such it’s good practice to use different passwords for each account you own. But it’s nearly impossible to remember all those passwords yourself, so most people end up using the same password across many accounts or utilizing the best password managers. Those aren’t safe either, as demonstrated by LastPass, a well-known and trusted password manager that suffered a massive data breach that compromised user data. Luckily, Google might have a better way with passkeys, a new way to authenticate it’s really you signing in to your account.
What are passkeys?
Passkeys are alternative authentication methods developed by the FIDO Alliance, an open-industry collaboration supported by the biggest tech companies. Typically, the most common form of authentication is two-factor, which asks a user for their password and a code either sent to a phone number. Other methods, like using an authentication app or a physical key, are more secure, but also more of a hassle. FIDO’s security keys cut out the need for a password in favor of a passkey, which doesn’t share the same vulnerabilities as passwords and SMS verification codes.
In simple terms, a passkey is an authentication method that is connected to the passcode or biometric security of another device, like Face ID on an iPhone or facial recognition on an Android phone. Your face or fingerprint will authenticate that it’s really you on your phone, and a passkey will be sent to the place you’re trying to sign in to.
What products and services work with passkeys?
To set up and use passkeys on a mobile device, it’ll need to be running at least Android 9 or iOS 16. Desktops must be running Windows 10 or macOS 13 Ventura or later. You must also use a supported browser or later, including Safari 16, Google Chrome 109, and Microsoft Edge 109. Any FIDO-certified security key can also be used, which includes NFC and USB-based physical keys.
How to set up passkeys with Google
Passkeys can be created with the individual site or app you’re trying to log in to, but it’s easier to set them up through your Google account. Android devices automatically create passkeys for devices when you sign into your Google account, so you might already have some set up. Here’s how to do it.
- Navigate to your Google profile and head to Manage your Google Account> Security> Passkeys.
- Tap the blue Use passkeys button.
- On a device that isn’t already set up as a passkey (Android devices automatically create passkeys when you’re signed in) press Create a passkey.
- Tap the Continue button to add the device you’re using as a passkey.
- Tap Continue to set up the passkey through iCloud Keychain or Android.
Why you should use passkeys for your Google account
Your phone’s passcode and biometric security methods are some of the best authentication methods out there because somebody needs to physically access your phone to create one. Plus, all the best smartphones have quality biometric security methods. Since Google accounts can be used to sign in to a ton of different websites and apps, it’s essential to make sure your Google account is locked down.