Online Safety and Privacy
May 22, 2023
Google Users: Fire Up Google Passkeys
In May 2023, Google announced it was launching a new login system called "passkeys."
If you've heard of "passwordless authentication," this is Google's entry into the growing field. While it isn't mandatory to use passkeys for Android and Google users, we recommend that you switch them on because we believe they are now the safest way to sign on to search, Gmail, YouTube, and Google Sheets every day.
What is a passkey?
A passkey is a cryptographic advancement that removes the need for passwords. Before your eyes glaze over, picture this: you no longer need to type something into the little password box when logging into Google products. While passwordless authentication has yet to become widespread on the internet, the fact that Google has jumped in means it’s a great time to get acquainted with moving beyond the password.
Basically, when you sign up for a Google service or turn on passkeys, your device will create two cryptographic "keys," one public and one private. Google's computer servers store your public key and use it to verify you. When you attempt to log on, Google's servers see that someone is trying to sign in to your account and send a "challenge" to your device to make sure it is you. This is where the private key comes in – the private key is stored only on your device (like an Android phone or iPhone) and can be protected by biometrics like Face ID or a fingerprint scan. Once you allow your private key to be used, your device signs the challenge with it, the server checks that signature against your public key, and you can check your Gmail.
Importantly, Google's servers never learn your private key, so no secret string of letters, numbers, and symbols is sent around the internet. Your public key is useless to a hacker without your device harboring your private key.
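The sign-in exchange described above, as an added Go sketch that is not Google's code or part of the original article: it shows a genuine response verifying, a replayed response failing, and a response signed by a different device failing. Ed25519 is an assumption (the article does not name the algorithm), as are the `Server` type, the `Challenge`, `Verify` and `Demo` functions and the user "alice".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server is a toy sign-in service: it stores public keys and one pending challenge per user.
type Server struct {
	pub     map[string]ed25519.PublicKey
	pending map[string][]byte
}

// Challenge issues a fresh random value for a single sign-in attempt.
func (s *Server) Challenge(user string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.pending[user] = c
	return c
}

// Verify checks the response against the pending challenge using only the stored public key.
func (s *Server) Verify(user string, sig []byte) bool {
	c, ok := s.pending[user]
	delete(s.pending, user) // single use: a captured response cannot be replayed
	return ok && s.pub[user] != nil && ed25519.Verify(s.pub[user], c, sig)
}

// Demo runs a genuine sign-in, a replay of that response, and a response from another device.
func Demo() (genuine, replayed, otherDevice bool) {
	// Device side: the key pair is created locally and only the public half is registered.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{pub: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string][]byte{}}

	sig := ed25519.Sign(priv, s.Challenge("alice")) // the private key signs on the device
	genuine = s.Verify("alice", sig)

	s.Challenge("alice") // a later attempt gets a different challenge
	replayed = s.Verify("alice", sig)

	otherDevice = s.Verify("alice", ed25519.Sign(otherPriv, s.Challenge("alice")))
	return
}

func main() { fmt.Println(Demo()) }
```

The server side of this sketch holds nothing secret: the stored public key lets it check a signature but not produce one.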
Why should I care?
Even if you aren't a cryptography geek, this is still a big deal, and we recommend you switch on passkeys if you’re one of the roughly 2 billion people who have Google accounts.
This is because a passkey is far more resistant to phishing attacks – someone would have to physically steal your device to pair your private key with your public key. Even then, a hacker would have to bypass the security features on your phone to have a shot at figuring out your private key, no easy feat.
We think you should turn on Google passkeys to supercharge the security of your Google account.
Ok, how do I turn on Google passkeys?
You can switch on Google passkeys at g.co/passkeys and setting it up is straightforward. If you don't use an Android device, you will have to scan a QR code with your device to set it up. If you have a Google Workspace account, Google says that your administrators will have the ability to enable passkeys for you soon.
Importantly, syncing your passkeys functions differently than using a password manager. Your passkeys can sync only amongst the same operating systems (like Windows or iOS). To use your passkeys across devices with different operating systems, you will have to use workarounds like QR codes.
Also, Google expects passkey adoption to take some time, so old-school passwords and multi-factor authentication (MFA) options are still here. Even if you aren't taking the plunge with passkeys (but you should), we recommend that you at least switch on MFA for Google and any other account that offers it.