Forget Passwords! Why You Should Upgrade to Google's Passkeys Right Now

It's safer, easier, quicker, and it's not the name of your dog

By
Charlie Sorrel
Charlie Sorrel
Charlie Sorrel
Senior Tech Reporter
Charlie Sorrel has been writing about technology, and its effects on society and the planet, for 13 years.
lifewire's editorial guidelines
Published on May 8, 2023 10:51AM EDT
Fact checked by
Jerri Ledford
Jerri Ledford
Fact checked by Jerri Ledford
  • Western Kentucky University
  • Gulf Coast Community College
Jerri L. Ledford has been writing, editing, and fact-checking tech stories since 1994. Her work has appeared in Computerworld, PC Magazine, Information Today, and many others.
lifewire's fact checking process
  • Google has switched on support for passkeys, which are a way safer alternative to passwords.
  • Sign-up takes moments, and you will be able to log in to Google without a password, using the existing biometrics on your device. 
  • Passwords will still stick around for a while yet
A digital security key surrounded by binary code and computer circuitry.

Vertigo3d / Getty Images

Everybody hates passwords, and Google users can now log in without them.

Google just switched on support for passkeys, the safer, more convenient, less annoying alternative to passwords. Passkeys let you log into websites and services using biometrics instead of a password. If you use Google, you should probably do it. And the good news is it takes less than a minute

"[O]ur research proves people are simply stuck in convenience when it comes to password creation. While it may sound funny that the world's most common password in 2022 was the word' password,' responsible businesses already understand that in order to save their users from cyber attacks, they cannot rely solely on passwords. They are outdated and do not serve the current internet environment, with all the cyber risks involved," Sorin Manole, product strategist at password and security company NordPass, told Lifewire via email. 

How Passkeys Work

We have a great article explaining how passkeys work, but here's the short version. When you use a password, both you and the service/website keep a copy, and when you log in, the site compares the two. As we know, this has several ways to fail. The password can be stolen from either you or the website (sites are supposed to encrypt your password, but that doesn't always help—or happen). You can be tricked into revealing it. Or you can choose a terrible password or use the same password everywhere. 

When you create a passkey, you actually create two keys. The private key is kept on your device and never leaves. The public key can only be used to lock and sign things, not unlock them, so it is safe to keep anywhere and is shared with the site you are signing up with. 

When you sign in, your phone sends the public key to the service, which then returns an encrypted 'challenge.' Your phone securely signs this challenge, which proves you are who you say you are. 

The difference is that there is no password to hack, steal, or phish. You would have to steal a user's phone just to log in. And because your phone authenticates you via fingerprint, FaceID, or device password, an attack is much harder than a simple hack. 

"Passkeys provide an additional layer of security and protection against common password-related issues like cyberattacks, resetting passwords, data breaches, and allow individuals to entirely replace the exploitable password," Bojan Simic, CEO and founder of passwordless company HYPR, told Lifewire via email. 

Google Passkey

Setting up a Google passkey is dead easy. Assuming you are already logged in to your Google account on the web, just visit http://g.co/passkeys, and click the 'Use passkeys' button.

Follow the prompts, authenticate, and you're done. You have a passkey. You will never have to log in to Google with a password ever again. 

Passkeys provide an additional layer of security and protection against common password-related issues...

There are several requirements on your end. You must be running a recent version of your device's operating system—at least iOS 16, macOS Ventura, Windows 10, or Android 9. You must also have a screen lock activated. 

If you're using a Mac, passkeys are stored in your iCloud keychain and synced between your devices. If you ever lose a device, you can use your other devices to wipe that lost device, just like you do now. 

You can also delete passkeys from your Google account's security settings. 

I'd recommend setting up a passkey with Google just to see how easy it is. This will make you much more enthusiastic about using passkeys when offered by other services. 

The end of the password is nigh, but they will linger for a good while yet. If nothing else, it will take a while for everybody to switch over. 

A biometric thumbprint overlaying a digital lock with binary code in the background.

monsitj / Getty Images

"No change is instant, and there will definitely be a period of time where we will live with both passkeys and passwords," says Manole. "For that reason, users must remember healthy password management practices, such as using password managers, password generators, regularly updating passwords, and never reusing them." 

This can't happen fast enough. Even if you practice ninja-level password hygiene, it won't help you if the services you use have lax security practices. And for most people, who use the name of their dog for every single login, passkeys will make a huge difference to their security and privacy. 

Goodbye, passwords. Don't let the door hit you on the way out. 

Was this page helpful?