Date: 2023-05-03

Are you tired of passwords? We're tired of passwords, even when they're made easier with a password manager app. Companies like Google are tired of passwords, which create too many potential vulnerabilities for user security. Everyone knows it's a problem. And now a solution is on the rise. Welcome to the world of passkeys.

While a passkey may sound similar to a password, it's a different type of security login designed to remove the flaws of older passwords and improve the experience for everyone (except hackers). Our FAQ covers everything you need to know to prepare for adopting this new tech on your smartphone.

What is a passkey?

A passkey is a unique key used to identify a user and their account, a login bundle designed to be easily and safely shared between devices. Passkeys are currently created with the WebAuthn standard and use public-key cryptography.

The first time a user logs in with passkey technology, the technology generates a key pair. One key, the private key, lives on your device and isn't shared with anything else. The other key, the public key, waits on a service's servers. When you sign in, the service checks that your device's response was produced by the private key that pairs with its stored public key, and the login goes through. Users can use their Android phone's built-in biometrics or other authentication to unlock and use the key.

How are passkeys different from passwords?

Passkeys change the game in several ways. First, you don't have to remember anything. Passkeys are very long sequences compared to passwords, which gives them robust security, but they aren't designed to be manually typed in. Instead, your device and the web server keep the passkey pair safe and match them up when necessary with a quick handshake protocol. Then, you'll use biometrics or a similar security method to unlock your authentication device.

Second, passkeys are innately resistant to hacking attempts. Your private key is securely stored on your device and isn't shared with anything. Instead, the server provides a challenge sequence that only the private key can solve correctly and accepts the returned sequence. The private key can't be intercepted. Theoretically, public keys on servers can be hacked, but hackers can't use them to identify anything or log in to accounts.

Third, passkeys don't work on some classic hacking attempts, like most phishing techniques. You can't "give" a passkey to a third party even if you want to. If a phishing attempt tries to get you to log in to a fake web form, it won't work because there's nothing for the passkey to authenticate.

Finally, passkeys offer high resistance to all kinds of brute force techniques. They're so complex that today's hacking software doesn't have a chance of guessing the right combination in any timeframe that's acceptable for hackers.
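The challenge step and the phishing resistance described above can be seen in a small model. This is an added example, not Google's code or a complete WebAuthn implementation; the site name `example.com`, the look-alike domain, and all function names are constructed for illustration.

```javascript
// Simplified model of a passkey (WebAuthn-style) sign-in check; added example.
const crypto = require('node:crypto');

const RP_ID = 'example.com';            // constructed site (relying party) ID
const ORIGIN = 'https://example.com';   // constructed origin the server expects
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();

// Registration: the device creates a key pair; only the public key goes to the server.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: sign authenticatorData || SHA-256(clientDataJSON).
// The browser, not the web page, records the origin it is really talking to.
function signAssertion(privateKey, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: browserOrigin,
  }));
  const rpId = new URL(browserOrigin).hostname;
  const flags = Buffer.from([0x05]);    // user present + user verified
  const authenticatorData = Buffer.concat([sha256(rpId), flags, Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: check challenge, origin and site ID hash, then verify the signature.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString());
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'bad challenge';
  if (client.origin !== ORIGIN) return 'bad origin';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad rpId';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed demo: genuine site, look-alike site, and a response replayed later.
function demo() {
  const { publicKey, privateKey } = createPasskey();
  const challenge = crypto.randomBytes(32);
  const check = (expected, origin) =>
    verifyAssertion(publicKey, expected, signAssertion(privateKey, challenge, origin));
  return { genuine: check(challenge, ORIGIN), lookalike: check(challenge, 'https://examp1e.test'),
           replay: check(crypto.randomBytes(32), ORIGIN) };
}
console.log(demo());
```

In real browsers the passkey is also looked up by site ID, so a look-alike domain is never offered the credential in the first place; the model shows the server-side check that backs this up.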

So passkeys are an improvement on passwords?

Yes, the differences above make passkeys an effective improvement on passwords. Plus, they're safer and easier to use. After the first setup, there's not much left to worry about.

Still, passkeys aren't perfect. They depend on authentication devices, so you may have trouble logging in to services without time-consuming workarounds if your phone is stolen. Also, they're harder to share with other people than traditional passwords, which is a nice security benefit but annoying when you need to give a password to a business associate or family member.

How do passkeys work in the Google ecosystem?

Google added passkey support for developers last year and rolled it out to all users by the end of 2022. Google Chrome supports passkeys on Android, Windows 11, and macOS, utilizing existing tools like Google Password Manager.

Google expanded the program when it announced passkeys for personal Google accounts in May 2023. Workspace users will have access to passkeys in the near future. The process is currently opt-in, so you can continue to use passwords and 2SV for the time being.

Users with updated Android operating systems will find the passkey process similar to past authentication as long as developers have enabled it. When logging in to a compatible service, they can authenticate their device with two-factor authentication and set up a passkey immediately. There's a good chance users have set up some passkeys without noticing it's different from generating and saving a new password.

How to set up a Google passkey

You can set up a Google passkey from your computer, phone, or tablet. The process only takes a few moments. You can also authorize multiple accounts, so you don't need to have access to a single device to access your account. Here's a quick rundown of how to set up a passkey:

1. Open your web browser on your phone or computer and head to the Google passkey page (g.co/passkeys.com).
2. Enter your Gmail address and password if prompted.
3. A screen will appear that shows your automatically created passkeys. Click the blue "Use passkey" button.
4. The Create a passkey for your Google Account pop-up will appear. Tap the blue Continue button if you want to create a passkey on your current device. If you want to set up a passkey on a different device, click the blue Use another device text.
5. A device-specific sign-in screen will appear, asking you to authenticate using biometric data. If you log in to your computer or phone using a PIN or password, you will be asked to enter it instead. We used macOS for this tutorial, so your sign-in screen will look different if you use Android, Windows, or ChromeOS.
6. Once the passkey created screen appears, you can click the blue Done button.

As of May 3, 2023, this feature is only available for personal Google accounts. Google Workspace accounts will support passkeys in the near future, but your administrator will need to enable the option.

Are there other popular passkeys available?

Yes. Many brands have enabled passkey support or created passkeys of their own. Apple has its own passkey setup for its ecosystem. Microsoft accepts them, too. Services like PayPal and stores like Best Buy have also started using them.

Importantly, passkeys aren't ecosystem-dependent. In other words, you don't need an iPhone to use a passkey on macOS. You can use your Android phone. Mixing and matching operating systems still lets you benefit from passkey protection.

So passkeys work with a password manager?

If you have a favored password manager like Dashlane or 1Password, you may wonder how passkeys work with it. While a password manager isn't required to use passkeys, many support storing passkeys like they store their own generated passwords. Common managers like Dashlane and 1Password offer passkey compatibility, with others on their way. And if you use built-in password managers like the Google Password Manager, they have innate support.

The future of password technology is passkeys, so get ready

While passkeys may not offer the best fit in every circumstance, they're a significant improvement on old-fashioned passwords in many ways. Major brands have adopted passkey support, and more are sure to follow. Just as two-factor authentication grew into a ubiquitous requirement, expect passkeys to become an accepted security feature for your logins.

Passkeys are faster and more secure than passwords, so end users should see many benefits. But you may want to designate a specific mobile device with good biometrics as your go-to authenticator for passkeys. Don't worry about upgrading devices later on. Along with other profile data, you can safely pass your passkeys to a new Android phone when it's time to switch.