Google is switching to passkey. Forget about passwords

A few days ago, Google announced a huge change – the default way to log in to a Google account is no longer a password, but a passkey system. Logging in by confirming your identity with your phone may soon become a breakthrough that will completely eliminate traditional passwords.

Google passkey – the company changes the login method

Passkeys, or access keys in Polish, are an alternative to the classic login and password system. Although this method was sufficient for many years, logging in is now becoming more and more tiring and less secure. Many passwords are difficult to remember, they can be leaked online, cracked by hackers or extorted by fraudsters.

The passkey system in Google allows you to log in in a trivial way, using the same methods that we use to unlock our smartphone. The idea is to scan our fingerprint or face, enter the PIN code or security pattern on the mobile device. Moreover, this system shortens logging in because it can replace several 2FA verification steps – for example, a password and a one-time SMS password.

Passkeys were established as a new standard by the international security consortium FIDO Alliance in 2022. Their introduction was quickly announced by the largest players on the tech market – Google, Apple and Microsoft. Google launched the service for those interested in May 2023. Now, however, it is starting to gently convince users with notifications to switch to the new method.

How to set up a passkey and log in to Google?

Technically, Passkey uses advanced cryptographic systems and the public and private key method. A specific service, in this case Google, stores our public key – it is different for each subsequent service or website. When logging in using biometrics, we provide a private key that is matched to the public key.

This means that even if a hacker breaks into the servers, he has no way of taking over our login details. The public key itself is useless. At the same time, fraudsters cannot impersonate a given website to extort login details from us – the system only works on authentic websites where it was created by the user.

Switching to the passkey system in your Google account is not difficult. Just log in using the previous methods, click “Create access key”, and then confirm your details by unlocking the phone.

Logging in with passkey is also trivial. We go to the Google website, select our account from the list, confirm our willingness to log in by unlocking the phone and that’s it – we are logged in. On ecosystems other than Android, we scan the QR code with our phone and confirm the proximity of the smartphone via Bluetooth, which allows for a one-time login by unlocking the device.

Passkey login in Google – what if I lose my phone?

Since logging in is quite closely related to our phone, the question naturally arises what will happen to the passkeys if we lose the device. Google reassures you that all passkeys are stored in the cloud and synchronized with other Android devices using the same Google account.

When changing the device, the passkeys are transferred to the new phone, where we must confirm our identity using a fingerprint or another method. Synchronizing access keys may require entering a PIN or security pattern from the old device, but does not require us to physically have it.