Google posted on The Keyword titled: “”Passwordless by default: Make the switch to passkeys” It was written by Siram Karra and Christiaan Brand.
Earlier this year, we rolled out support for passkeys, a simpler and more secure way to sign into your accounts online. We’ve received really positive feedback from our users, so today (October 10) we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts.
This means the next time you sign into your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the “Skip password when possible” option toggled on in your Google Account settings.
To use passkeys, you just use a fingerprint, face scan or pin to unlock your device, and they are 40% faster than passwords – and rely on a type of cryptography that makes them more secure. But while they’re a bit step forward, we know that new technologies take time to catch on – so passwords may be around for a little while. That’s why people will still be given the option to use a password to sign in and may opt-out of passkeys by turning off “Skip password when possible.”
We found that one of the most immediate benefits of passkeys is that they spare people the headache of remembering all those numbers and special characters in passwords. They’re also phishing resistant.
TechCrunch reported that Google has announced that passkeys, touted by the tech giant as the “beginning of the end” for passwords, are becoming the default sign-in method for all users.
Passkeys are a phishing-resistant alternative to passwords that allow users to sign into accounts using the same biometrics or PINs they use to unlock their devices, or with a physical security key. This removes the need for users to rely on the traditional username-password combination, which has long been susceptible to phishing, credential stuffing attacks, keylogger malware, or simply being forgotten.
According to TechCrunch, while security technologies multi-factor authentication and password managers add an extra layer of security to password-protected accounts, they are not without flaws. Authentication codes sent via text messages can be intercepted by attackers, for example, and password managers can (and have been) hacked.
Passkeys, on the other hand, are made of two parts: one part is left on the app or website’s server, and the other is stored on your device, which allows you to prove that you are the legitimate owner of the account. This also makes it near-impossible for hackers to remotely access your account, given that the physical access to a user’s device is needed, even in the event of a server breach.
9To5 Google reported that after launching in May, Google will soon actively encourage users to set up passkeys for their Gmail, YouTube, and other first-party accounts,
With passkeys, signing in to your Google Account just involves entering a username and then using your phone or computers existing password (PIN code, fingerprint, face, etc.) to confirm the attempt.
As part of this launch, users can still just use their password over passkeys by turning off the “Skip password when possible” option. If a device is lost, you can revoke Google Account passkeys in settings.
Since launch, Google has found that “over 64% of our users find passkeys to be easier to use compared to traditional methods like passwords and 2-step Verification (2SV).” People also think passkeys are easier because the sign-in process is said to be 40% faster than passwords.”
In my opinion, passkeys will probably be easier for most people to use, compared to remembering what your Gmail or YouTube password was. I think passkeys should prevent someone taking over your Gmail or YouTube channel because they can’t replicate your fingerprint.