Passwords aren't all they're cracked up to be. Now, you don't even need one for Google.
Google accounts across all major platforms will soon be supporting passkeys, a cryptographic system that relies on a previously authenticated device rather than requiring users to key in a password or use two-step verification.
The push away from passwords has been slow and steady in the tech world for years, and the fact that a company as huge and influential as Google has made this big a move indicates that our passwordless world is here to stay.
How You Can Ditch Your Google Password
As of today, users can head to their Google account to change their verification process over to a passkey. The passkey can be a local PIN or the biometric authentication from the user's personal phone (likely fingerprints or Face ID).
The sensitive personal data is never given to Google itself, as the passkey sign-ins are from a trusted third-party service, FIDO Alliance.
You'll need a compatable smartphone in order to store your passkey — anything running iOS 16 or Android 9 will do the trick. If you have a secondary device, you can share the passkey through iCloud or a paid password manager. Dashlane already offers this service, while 1Password says it will have the function this year.
There's one catch: This won't work on a shared device, as the other user or users will have full access to your Google account.
Okay, fine, there's another catch, too, and it's one you might have thought of. If your phone is stolen, the culprit can now gain access your account. The solution is the ability to revoke a passkey from within the Google account settings.
The Key to Solving Online Security?
Google, Microsoft, and Apple have all adapted some form of the passkey system that FIDO Alliance supports within the last few years.
Google's new rollout of the function is just the latest sign that the world's biggest tech platforms want something more secure than just passwords.
“We’re thrilled with Google’s announcement today as it dramatically moves the needle on passkey adoption due both to Google’s size, and to the breadth of the actual implementation — which essentially enables any Google account holder to use passkeys” ~Andrew Shikiar, executive director of FIDO Alliance
There are plenty of surveys and studies to prove that passwords aren't great, from the fact that one in five passwords from federal agencies are easily crackable to the 85% of web users who admit to reusing the same passwords across multiple sites.
Hackers have boasted about benefiting from weak passwords, and IT leaders have been sounding the alarm for a while: Over 80% of them agree that passwords are a “deceptively weak” form of security.
Passkeys seem like a safer solution, and a much-needed upgrade on our current system. We're still rolling them out, however, and nearly all the services smaller than Google and Apple don't yet offer passkeys. If you're desperate to stay safe in the meantime, we'd recommend a password manager. The best ones cost just a few dollars a month, and they'll store far more complex passwords than your own gray matter can handle.