Passwords are the primary way we use to protect our online accounts, but as history has shown us, a chain is only as strong as its weakest link. This means that unless you’re using a password manager to help create strong and complex passwords that are hard to crack, there is a good chance that your passwords could be easily figured out and cracked.
This is why companies like Google are taking steps to move towards a password-free future. Most recently, Google announced that they will now be adding support for passkeys for Google Accounts, giving users a password-free alternative way of logging into their accounts, so if you’re interested in setting it up for yourself, here’s how.
What are passkeys?
Passkeys are basically an alternative to the traditional character-based passwords that many of us are familiar with. In a way, you have been sort of exposed to the concept on devices like your phone, where you might be either using your fingerprint or facial data to unlock your device and to authorize transactions.
It is even “better” than two-factor authentication that relies on one-time generated codes because while these numbers are random and can only be used once, there have been instances where users are reporting OTP scams where they might be tricked into handing the OTP number over to a hacker/scammer.
How passkeys work is by leveraging the WebAuthn API. This is an API developed by the FIDO Alliance which uses public and private keys that check to see if you are who you say you are. The public key will be stored on the website that you have set up passkeys on, while the private key is stored securely on your authenticating device, like your phone, which is then further secured by your phone’s security system like fingerprint or facial data.
This means that unless the attacker somehow has physical access to your phone and biometric data and is physically forcing you to use your fingerprints, your logins are safe. We wouldn’t go as far as saying they are 100% secure because there is honestly no such thing, but for the most part it is a lot more secure than traditional passwords that can be cracked, especially if you’ve chosen one that can be easily guessed.
Set up passkeys on Google
So now that you know what passkeys are, here’s how you can set it up for your Google Accounts.
- Go to Google’s passkey page
- Sign into your Google account that you want to set up passkeys for
- Click the “Create a passkey” button
- Click on Continue
- Now here’s where it might differ depending on the device you’re setting up on:
- If you’re using a computer, you might be prompted to scan a QR code given by Google using your phone, which will then authenticate you using your fingerprint or facial data if you’re using an iPhone with Face ID
- If you’re setting it up on your phone, you can skip the QR code part entirely and authenticate using your fingerprint or facial data
- Once you’ve authenticated yourself, click on Done and you’re good to go
- Now whenever you’re required to sign into your Google Account, instead of entering your password like you normally would, you will now have the option to authenticating your credentials using biometric data, making it a much simpler login process