With the announcement that passkeys, a new cryptographic keys solution requiring a preauthenticated device, is coming to Google accounts on all major platforms, the company's next step toward a password-free future has arrived. Google users can switch to passkeys as of right now and completely do away with passwords and two-step verification codes when logging in.
Google, Apple, Microsoft, and other tech firms affiliated with the FIDO Alliance are promoting passkeys as a safer, more practical substitute for passwords. They can substitute a local PIN or a device's built-in biometric authentication, like a fingerprint or Face ID, for conventional passwords and other sign-in mechanisms like 2FA or SMS verification. Since there is no password that could be stolen in a phishing attack, this biometric data isn't shared with Google (or any other third party), and passkeys only exist on your devices, which offers greater security and protection.
When a passkey is added to a Google account, the platform will start asking for it when you sign in or whenever it notices potentially suspect behaviour that calls for additional verification. Passwords for Google accounts can be stored on any hardware that supports it, including iPhones running iOS 16 and Android devices running Android 9, and shared to other devices from the OS using services like iCloud or password managers like Dashlane and 1Password (scheduled to launch in "early 2023").
In order to temporarily access your Google account, you can still utilize another person's device. Instead of transferring the passkey to the new hardware, choosing the "use a passkey from another device" option just creates a one-time sign-in. Creating passkeys on a shared device is never a good idea, as Google warns, as anyone who can access and unlock that device will also have access to your Google account.
If users believe that someone else may be able to access their Google account or if they lose the lone device that contained the passkey, they can immediately revoke the passkey in the account settings. Users who have signed up for Google's Advanced Protection Program, a free program that offers extra security safeguards against phishing and harmful apps, can opt to utilize passkeys instead of their regular physical security keys.