“We have an opportunity here to change the way users think about signing in,” says Christiaan Brand, an identity and security product manager at Google and co-chair of the FIDO2 technical working group. “If we can change the way that signing in works for your Google account, we hope that consumers will start to get more accustomed to the technology, and also signal to industry that we’re not just talking about this stuff—it is ready for prime-time adoption.”
Passkeys can sync between your devices through end-to-end encrypted services like Google Password Manager and iCloud Keychain. Or you can set up passkeys on multiple devices by generating a QR code on a device that’s logged in to your Google account that will anoint another device where you want to log in.
All of your Google account passkeys will be listed on the “Passkey Management Page,” where you can review and revoke them. You can even store a passkey for your account on the device of someone you trust as a recovery option. If you issue a passkey to log into your Google account on a shared device, be sure to revoke it once you’re done.
“What doesn’t help is when a vendor or developer only rolls out passkey for iOS or only rolls it out for Android. That’s not how passwords work; passwords are ubiquitous,” Brand says. “So for us, it was important to cover as wide a range of devices as possible on launch day, no carve-outs.”
Google says that even once you make a passkey for your account (or five), your traditional username and password login isn’t going anywhere, and you can still use it if you choose. But the company is betting that once people get used to passkeys, they’ll like them better and find them easier to manage than passwords. And once you’ve set up a passkey on a device, Google will automatically detect it and prompt you to log in that way going forward.
Brand says that in early tests on a few thousand users, sign-in success rates with passkeys were immediately higher than for traditional username and password logins. That doesn’t mean there won’t be what Brand calls “rough edges” or use cases where there are passkey bugs. But Google says it hopes to discover and iron out as many of these issues as possible, so smaller organizations can feel more confident implementing passkeys.
Google’s announcement comes on the eve of World Password Day on Thursday. But passkey proponents are ramping up their efforts to make the occasion obsolete.
“Eventually, it’s going to be like World Horse and Buggy Day, I think,” Shikiar says. “For the time being, it’s a good reminder of the challenge we have to get rid of passwords.”
