TL;DR
- Google is making passkeys the default option to sign into personal Google Accounts.
- Users will be able to create and use a passkey the next time they sign in.
- They will also get an option to opt out and continue using passwords.
For most people, a username and password have been the hallmarks of establishing your identity on any online platform. While usernames are public and often easy to remember, passwords are private and often suggested to be a combination of letters across cases, numbers, and special characters. People end up reusing passwords, weakening their security. Passkeys are a novel solution to the headache of infinite unique passwords, and Google is taking a significant step toward its wider adoption.
Google has announced that passkeys are now the default option across personal Google Accounts. The next time you sign into your account, Google will display prompts to create and use passkey. Your Google Account settings will also have a “skip password when possible” option toggled on, though you can opt out of passkeys by turning off this setting.
Google mentions that people have used passkeys across YouTube, Search, and Maps. Outside of Google, Uber and eBay have also enabled passkeys. Google’s blog says that even WhatsApp is working on passkey compatibility, coming soon.
Passkeys use a fingerprint, face scan, or a device pin to unlock your mobile device or a password manager as the first layer of authentication. The website or service provider stores a public key, while the authenticator device holds the private key locally. These keys are mathematically related but are not identical. The website or service provider sends a query to the authenticator, which the authenticator solves by applying the private key. The website or service provider verifies the response with the public key without needing access to your private key.
Passkeys are generally considered more secure, as most people use and reuse simple passwords across the internet. Passwords are also stored in remote databases, which makes them prone to compromise by hackers. In comparison, unique passkeys don’t need to be remembered by humans, and the private keys aren’t stored on a server either.
Google’s push to make passkeys the default option for personal Google Accounts is a big step towards their adoption. We can expect more apps and developers to follow suit.
