Google Pushes for a Passwordless Future: How to Use and Manage Passkeys for Enhanced Account Security

Google is encouraging users to adopt passkeys as a means to transition towards a passwordless future. By storing passkeys within the Google Password Manager service, users can generate, save, and synchronize passkeys for compatible websites. However, implementing this new method presents some challenges.
While changing a password is straightforward, integrating passkeys into an existing account or managing them exclusively within your browser remains challenging. Nonetheless, you can utilize passkeys with the Google Password Manager on supported sites; it just requires navigating through a few additional steps initially.
In essence, passkeys serve as a means to verify identity, eliminating the need to memorize lengthy passwords for multiple apps and websites. Although you can create a passkey for your Google account, you may also store passkeys for other sites using the Google Password Manager—available on Chrome or directly through Android devices.
To initiate the process of using a passkey with your Google account, navigate to g.co/passkeys and follow the provided instructions. You’ll first log into your Google account, then create a passkey, which can either be tied to your device or stored in a third-party password manager. If you do not utilize a third-party password manager, your Google passkey will be bound to the device you are currently using. Apple devices can sync passkeys across other Apple devices via iCloud Keychain, while on non-Apple devices you need the specific device used to create the passkey in order to log in.
Establishing a passkey for your Google account is straightforward, but it’s essential to perform this action on a device that supports passkeys. To do so, you will need:
Once you have created a passkey, you can manage it at myaccount.google.com. Here, navigate to Security, and then select Passkeys and Security Keys to view the passkeys you have. It’s possible to have multiple passkeys for different devices that access the same account, depending on whether or not you use a third-party password manager.
How Secure Are Google Passkeys?
A passkey for your Google account generally offers increased security compared to traditional passwords. Passkeys employ asymmetric encryption with a public-private key pair, ensuring only the user has access to their private key. In the event of a breach or phishing scheme, an attacker cannot gain access to your account without your private key, which remains on your device.
In contrast, a password uses symmetric encryption and is considered a “shared secret” in cybersecurity circles. With a password, Google must store an encrypted copy on its servers, increasing the potential risk of a breach. Moreover, users must remember their passwords, leaving them vulnerable to phishing and social engineering attacks.
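The key-pair sign-in described above, as an added example (not code from Google or from the original article): a simplified challenge-response model in Node.js in which the server stores only a public key and the device signs the server's challenge together with the site origin. The origins are constructed, and the message layout is a simplification, not the actual WebAuthn wire format.

```javascript
// Added example: simplified passkey-style sign-in, not the WebAuthn wire format.
const crypto = require('crypto');

// Registration: the key pair is created on the device; only the public key is sent to the server.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return { device: { privateKey }, server: { publicKey } };
}

// Server side: a fresh random challenge for every sign-in attempt.
const newChallenge = () => crypto.randomBytes(32).toString('hex');

// Device side: sign the challenge together with the origin the browser is actually on.
function signAssertion(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), device.privateKey) };
}

// Server side: check the origin, then challenge freshness, then the signature.
function verifyAssertion(server, expected, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.origin !== expected.origin) return 'origin-mismatch';
  if (data.challenge !== expected.challenge) return 'stale-challenge';
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData), server.publicKey, assertion.signature);
  return ok ? 'ok' : 'bad-signature';
}

function demo() {
  const SITE = 'https://accounts.example';            // constructed genuine origin
  const LOOKALIKE = 'https://accounts-example.test';  // constructed look-alike origin
  const { device, server } = registerPasskey();
  const challenge = newChallenge();
  const expected = { origin: SITE, challenge };
  const genuine = signAssertion(device, challenge, SITE);
  return {
    // Normal sign-in on the genuine site.
    genuine: verifyAssertion(server, expected, genuine),
    // Assertion produced on a look-alike page: the signed origin gives it away.
    lookalike: verifyAssertion(server, expected, signAssertion(device, challenge, LOOKALIKE)),
    // Old assertion presented against a new challenge: nothing reusable was shared.
    replayed: verifyAssertion(server, { origin: SITE, challenge: newChallenge() }, genuine),
    // Signature from any other key: the stored public key cannot be used to sign.
    wrongKey: verifyAssertion(server, expected, signAssertion(registerPasskey().device, challenge, SITE)),
  };
}

console.log(demo());
```

Unlike a password, nothing the server holds or receives here can be reused to sign in later: the public key only verifies, and each signature is bound to one challenge and one origin.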
Is It Secure to Store Passkeys within the Google Password Manager?
The Google Password Manager available through Chrome can sync your logins across devices, but it also keeps an encrypted copy of them locally on your device. A file containing your encryption key is stored locally as well, and with a Python script and some technical knowledge, this information could potentially be used to expose your passwords on Windows systems.
For this type of attack to be successful, an attacker would need access to your device, which is less likely on desktop devices but should still be considered when traveling or if there’s a risk of device loss or theft. In such cases, it may be advisable to store passkeys in an external password manager for added security.
Should I Use an External Password Manager for Passkeys?
You can create and manage passkeys on Windows through Windows Hello, on macOS and iOS via iCloud Keychain, and on Android or within your browser through the Google Password Manager. However, employing a third-party password manager like Proton Pass or 1Password simplifies this process significantly.
An external password manager allows you to synchronize your passkeys across devices, and they are tied to the password manager rather than your device. If your device is authenticated with your password manager, you can access your passkeys as well.
Google promotes the integration of passkeys within the Google Password Manager as a seamless process. Upon signing in or creating an account, Google may offer to save a passkey, and the process appears to be complete once accepted. However, the actual implementation involves several additional steps. First, you must enable passkeys for the Google Password Manager by following these instructions within Chrome:
1. Open your Chrome browser.
2. Click on the three-dot menu in the upper right corner.
3. Navigate to “More tools” and then select “Passwords.”
4. Click on the gear icon (settings) in the upper right corner.
5. Toggle on the option for “Passkeys and Security Keys.”