Google Pushes for Passwordless Future: How to Set Up and Manage Passkeys for a Secure Login Experience
Google is advocating for users to adopt passkeys, a move towards a passwordless future, where passkeys can be stored securely using the Google Password Manager service. This new login method is now available on websites that support it, allowing users to generate, store, and synchronize passkeys through Google.
However, the implementation of passkeys may pose some challenges. While changing a password is straightforward, adding passkeys to an existing account or managing them solely within your browser might require more steps. Nevertheless, users can leverage passkeys with their Google accounts on compatible websites after navigating through certain procedures.
In essence, passkeys serve as a secure method to authenticate your identity without needing to remember lengthy passwords for every app and website you access. You can utilize a passkey for your Google account, but it’s also possible to store passkeys for other websites using the Google Password Manager, which is accessible on Chrome or directly through Android devices.
To initiate the process, visit g.co/passkeys and follow the prompts. You will need to log in to your Google account, where you can create a passkey, either device-bound or stored in a third-party password manager if you prefer. If you don’t utilize a third-party password manager, your Google passkey will be associated with the device you are currently using.
Although Apple devices allow passkeys to sync across other Apple devices via iCloud Keychain, non-Apple devices will require the original device used to create the passkey for login purposes.
Creating a passkey for your Google account is a straightforward process, but it’s essential to perform it on a device that supports passkeys. After creating a passkey, you can manage it at myaccount.google.com by selecting Security, then Passkeys and Security Keys from the menu. Here, you can view the passkeys associated with your account, including those for multiple devices used to log in to the same account.
Google passkeys are generally safer than traditional passwords due to their reliance on asymmetric encryption using a public-private key pair. Since only you have access to the private key, even in the event of a breach or phishing scheme, an attacker cannot access your account without this key, which remains on your device.
In contrast, a password uses symmetric encryption and requires Google to store an encrypted copy on its servers, potentially increasing the risk of a data breach. Additionally, you must remember your password, making you susceptible to phishing and social engineering attacks.
While storing passkeys in the Google Password Manager is generally secure, it’s essential to understand the risks associated with local storage. In certain circumstances, such as on Windows devices, an attacker could potentially expose your passwords by combining a locally stored encrypted login file and your encryption key file using a Python script and some technical knowledge.
To mitigate this risk, consider storing passkeys in a third-party password manager like Proton Pass or 1Password. These external password managers allow you to sync your passkeys across devices, making management more convenient while keeping your passkeys secured by the password manager itself rather than a specific device.
Google aims to simplify the process of saving passkeys within its Password Manager. However, the actual implementation involves several steps. First, enable passkeys for the Google Password Manager by opening Chrome and following these instructions:
