Google announced today that passkeys are now rolling out globally for Google Account users.
The news comes nearly a year after Google, Apple, Microsoft and the FIDO Alliance announced a partnership to enable frictionless passwordless login across devices, operating systems and browsers.
While multi-factor authentication mechanisms and password managers offer reasonable security improvements over traditional username/password workflows, they are not without flaws. For example, an authentication code sent via SMS can be intercepted, while using additional third-party password management software is a hassle too much for some.
Passkeys essentially sync users’ authentication across all their devices over the cloud using cryptographic key pairs, allowing them to log into websites and apps using the same biometrics or screen lock PIN that they use to unlock their devices. This makes it much more difficult for attackers to remotely access user accounts, as physical access to the user’s device is required.
It’s worth noting that, as with Apple and Microsoft, Google already supported the FIDO passwordless login standard, but they had to log into any website or app with any device before they could use it. However, as a result of the alliance, the trio has begun deploying the standard to their respective systems, including browsers (e.g. Edge, Safari, and Chrome) and operating systems (Android, MacOS, and Windows). Basically, this means that someone who wants to access their Google account on a Windows laptop can use a password from their iPhone.
Over the past year, the tech triumvirate has been slowly rolling out passkey support, with Apple introducing support for iOS in September to enable iPhones to serve as login tools for any supporting website or app. PayPal introduced passkey support on iOS in October, and other companies like Shopify, Kayak, and DocuSign followed suit.
Starting today, Google Account users can also use passkeys.
Users can activate passkeys by logging into their Google accounts, although this is completely optional – passwords and other existing multi-factor authentication tools are still very much operational.
And it seems that passkeys are currently only compatible with personal accounts, as Google noted that Workspace admins will have the option to enable this for their users “soon”.