What do you need to know?
- Google has started moving to password-free login for all its services on all major platforms.
- Passkeys is now offered as an optional security method when signing in to your Google Account across multiple devices.
- The search giant says the new security feature will help reduce the attack surface for phishing campaigns.
It’s no secret that passwords are easy to forget and vulnerable to a variety of attacks, including brute force and phishing campaigns. That’s why companies like Google are rushing to replace them with passwords as a more secure alternative, requiring only biometrics to unlock your device. Google is now taking that effort a step further by using a password as an additional option when you sign in to your account across all of its services on all major platforms.
This means you won’t need to keep entering your password every time you sign in to your Google Account from any of your devices. Passkeys use a cryptographic approach that requires only a key pair, where one key is public and registered on Google’s servers, and the other is private and stored locally on your devices.
“Once you add a password to your Google Account, we’ll start asking for it when you sign in or perform sensitive actions on your account,” Google wrote in a blog post. The search giant notes that Access Keys will attempt to verify your identity by asking for your screen lock biometrics or PIN.
It’s part of Google’s broader effort to make passwords a thing of the past and promote the password-free experience as the next big thing in online security. In October of last year, Mountain View rolled out password support for Android and Chrome, enabling password-free access to apps and websites regardless of platform. In Android 14 Developer Preview 2, Google also introduced a new API to make app access more secure and seamless without using passwords.
For now, passwords are only an option, and Google apps and services still support passwords. In the long term, the goal is to help protect users from various attacks that exploit password weaknesses, such as phishing campaigns.
“While we encourage users to switch to a passcode for both their security and convenience, we’re adding it as one of many options for signing in to Google,” the company said. “All existing methods, including your password, will still work if you need them, for example when using devices that don’t yet support passwords.”
While the private key is only on your devices, Google says your phone’s operating system, such as Android, or one of the best password managers syncs it across all your devices.
Google notes that passwords are still in the early stages, acknowledging that it will be some time before they become universal.