Google Adopts Passkeys as Default Sign-in Method for All Users

Google Adopts Passkeys as Default Sign-in Method for All Users

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms.

“This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins,” Google’s Sriram Karra and Christiaan Brand said.

“It also means you’ll see the ‘skip password when possible’ option toggled on in your Google Account settings.”

Passkeys are a new form of authentication that entirely eliminate the need for usernames and passwords, or even provide any additional authentication factor.

In other words, it’s a passwordless login mechanism that leverages public-key cryptography to authenticate users’ access to websites and apps, with the private key saved securely in the device and the public key stored in the server.

Authentication is considered successful if the signed response can be validated using the associated public key.

An immediate benefit to passkeys is two-fold: they not only obviate the hassle of remembering passwords, but are also phishing-resistant, thereby safeguarding accounts against potential takeover attacks.

The development comes weeks after Microsoft officially began supporting passkeys in Windows 11 for improved account security. Other widely-used platforms like eBay and Uber have enabled passkey support in recent months.