Passwordless sign-in with passkeys is now available for Google accounts

May 3, 2023  By Pierluigi Paganini


Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms.

Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms.

Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the users.

Despite the IT giant has implemented defenses like 2-Step Verification and Google Password Manager, it recognizes that to really address password issues, it is necessary to adopt passwordless solutions. This means that when a user signs into a website or app on his/her phone, he/she will simply unlock the phone without needing a password for the account anymore.

In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords. The day has come, and Google has begun rolling out support for passkeys across Google Accounts on all major platforms.

“passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN. And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.” reads the announcement published by the company. “Over the past year we’ve shared updates on bringing passkey experiences to both Chrome and Android, which services like Docusign, KayakPayPalShopify and Yahoo! Japan have already deployed to streamline sign-in for their users. Starting today, this will be available as an option for Google Account users who want to try a passwordless sign-in experience.”

Passkeys are stored only on the users’ devices (PCs, smartphones, tablets), this means that to be used, it is simple enough to unlock the devices using a PIN or a screen lock biometrics (e.g. face recognition, fingerprints).

“When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it. Together, this means that passkeys protect you against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach.” reads a post published by Google. “This is stronger protection than most 2SV (2FA/MFA) methods offer today, which is why we allow you to skip not only the password but also 2SV when you use a passkey.”

passwordless secure sign-in with Passkeys for Google Accounts

Google will maintain the other Google signing-in options, allowing users to log in to their accounts when they don’t have access to their devices.

Passkeys are securely synced to the cloud allowing users to replace the device used to generate them. Apple users that create a passkey on their iPhone, can use it on any other devices signed in to the same iCloud account.

“This protects you from being locked out of your account in case you lose your devices, and makes it easier for you to upgrade from one device to another.” continues the post. “If you want to sign in on a new device for the first time, or temporarily use someone else’s device, you can use a passkey stored on your phone to do so. On the new device, you’d just select the option to “use a passkey from another device” and follow the prompts. This does not automatically transfer the passkey to the new device, it only uses your phone’s screen lock and proximity to approve a one-time sign-in. If the new device supports storing its own passkeys, we will ask separately if you want to create one there.”

Users that want to start using passkeys on their personal Google Account can visit g.co/passkeys.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: 

https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Hackers are taking advantage of the interest in generative AI to install Malware

 Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned. Threat...