Passkeys, often used as part of multi-factor authentication (MFA) or two-factor authentication (2FA), are important because they provide an extra layer of security to your online accounts, making it much more difficult for unauthorized users to gain access. Even if someone were to learn your password, they would also need access to your passkey to log into your account. This passkey is typically something only you can access, such as a code sent to your phone, an authentication app, or a physical security key.
In terms of replacing passwords, passkeys are gaining popularity as part of passwordless authentication systems. In such systems, instead of a password, you use something you have (like your phone or a hardware token) or something you are (biometric data like a fingerprint or face recognition) to verify your identity. When you attempt to log in, a passkey is sent to your device, or your biometric data is checked, and only after this verification are you granted access.
What Is a Passkey?
A passkey is a new type of login credential that removes the need for passwords. It is a cryptographic key pair stored on the user’s device and used to authenticate the user to a website or app. Passkeys are more secure than passwords because they cannot be phished or stolen. They are also more convenient because users do not have to remember them.
Passkeys work by using a process called public-key cryptography. The user’s device generates a public key and a private key. The public key is sent to the website or app, while the private key is kept secret on the user’s device. When the user tries to log in, the website or app sends a challenge to the user’s device. The device uses the private key to generate a response to the challenge. If the answer is correct, the user is logged in.
- Passkeys are more secure than passwords. They are not susceptible to phishing attacks or keyloggers.
- Passkeys are more convenient than passwords. Users do not have to remember them.
- Passkeys are easier to use than passwords. They can be created and managed with a single click.
- The latest browsers and operating systems support passkeys.
If you want a more secure and convenient way to log in to websites and apps, you should consider using passkeys.
Requirements to Set up and Use a Passkey
Passkeys are a more secure and convenient way to log in to websites and apps. They replace passwords and are designed to make it easier for users to create and manage their login credentials. If you are trying to get ahead of the curve and want to set up and use a passkey on your Google account, there are some requirements that you need to be aware of.
- Device Requirements: Passkeys are supported by the latest versions of Apple’s iOS, iPadOS, macOS, and tvOS, as well as devices running the latest versions of Google’s Chrome, Edge, and Firefox browsers.
- Website or app requirements: Many websites and apps already support passkeys, and more are expected to add support in the coming months.
- Biometric authentication requirements: Passkeys require a compatible biometric authentication method, such as a fingerprint sensor, facial recognition, or a PIN code.
- Additional requirements: If you want to use a passkey on a phone to sign in to another computer (or another device), you’ll need Bluetooth enabled on both devices.
How to Set up a Passkey for Your Google Account
If you want to set up a Passkey for your Google account, Google has made the entire process extremely easy for you to do so. A Passkey is made available on any Android device signed into the same Google account by default. However, you can manually create a passkey on other devices, such as a FIDO2-supported security key or an iPhone.
- Open the Chrome, Safari, or Microsoft Edge browser on your computer.
- Navigate to g.co/passkeys.
- Make sure you are signed into the correct Google account.
- When prompted, click the Continue button to create the passkey.
- If you have already created a Passkey previously, scroll to the bottom and click the Create a passkey button.
- If creating a Passkey for a smartphone, open the camera app.
- Scan the QR code that is presented.
- Follow the on-screen steps to finish the setup process.
After you confirm the passkey creation using the on-device biometrics, you’ll be taken back to the passkey landing page within your Google account settings. From here, you’ll see all the devices that can be used with passkeys.
How to Use Passkeys
Now that you’ve created a passkey for your Google account, you’ll likely want to know how to use it. Well, Google has simplified the process, as you don’t need to enter your password. Instead, here are the steps you’ll need to take if you want to use passkeys on your Google account.
- Navigate to the website that you want to log into.
- Enter your Google account email.
- From the Use your passkey… page, click the Continue button.
- Select either Use a phone or tablet or USB security key, depending on the Passkey that you plan to use.
- If using a phone or tablet, scan the QR code when prompted.
And after a moment or two, you’ll be signed in with your Google account! Several different websites and services already offer support for Passkeys. In addition to Google and Apple, some of the other websites that can make use of Passkeys include the likes of Best Buy, eBay, Cloudflare, PayPal, and more.
How To Remove a Passkey
From time to time, you might decide that you want to remove a passkey from your Google account. This could be because you don’t want an older phone or tablet to have the ability to be used as a passkey if you upgraded to a newer model. Thankfully, Google makes it easy to remove a passkey from your Google account.
- Open the Chrome, Safari, or Microsoft Edge browser on your computer.
- Navigate to g.co/passkeys.
- Make sure you are signed into the correct Google account.
- Scroll down until you reach the Passkeys you created section.
- Click the X icon on the right side of the device you want to remove.
The steps to remove a Passkey are slightly different if you try removing an Android device. Android devices automatically generate and create passkeys for you to use when you sign in with your Google account. Here’s how to remove those passkeys:
- Open the Chrome, Safari, or Microsoft Edge browser on your computer.
- Navigate to g.co/passkeys.
- Make sure you are signed into the correct Google account.
- Under the Automatically created passkeys section, click the Manage devices button.
- From the Your devices page, locate and select the device you want to remove.
- Click the Sign out button.
- Click Sign out again to confirm.
Moving forward, the only way you’ll be able to use that same device as a passkey in the future is to sign back into your Google account.