Google announced today that passkeys are now rolling out to Google Account users globally.
The news comes nearly a year to the day after Google, Apple, Microsoft and the FIDO Alliance announced a partnership to make frictionless passwordless logins a reality across devices, operating systems and browsers.
While multifactor authentication mechanisms and password managers offer reasonable security improvements on traditional username/password workflows, they are not without their flaws. An authentication code sent via SMS can be intercepted, for example, while having to use additional third-party password management software is one hassle too many for some.
With passkeys, users’ authentication essentially synchronizes across all their devices through the cloud using cryptographic key pairs, allowing them to sign-in to websites and apps using the same biometrics or screen-lock PIN they use to unlock their devices. This makes it far more difficult for bad actors to access users’ accounts remotely, given that physical access to the user’s device is needed.
Long time coming
It’s worth noting that Google, as with Apple and Microsoft, already supported FIDO’s passwordless sign-in standard, but they were required to sign into each website or app with each device before they could use it. As a result of the alliance, however, the trio have set about implementing the standard across their respective systems, including browsers (e.g. Edge, Safari and Chrome) and operating systems (Android, MacOS and Windows). Effectively, this means someone wanting to access their Google Account on a Windows laptop can use a passkey from their iPhone.
Over the past year, the tech triumvirate have been slowly rolling out support for passkeys, with Apple introducing support to iOS back in September to enable iPhones to serve as log-in tools for any supporting website or app. PayPal introduced support for passkeys on iOS in October, while other companies such as Shopify, Kayak and DocuSign have also introduced support.
From today, Google Account users will also be able to use passkeys.
Users can activate passkeys by logging into their Google Accounts, though this is entirely optional — passwords and other existing multifactor authentication tools are still very much operational.
And it seems that passkeys are currently only compatible with personal accounts, as Google noted that Workspace administrators will have the option to enable this for their users “soon.”