When compared to a conventional password, a passkey offers an easier and faster way to sign into your Google account. You may add a passkey for any personal Google account, but you’ll need to wait until an administrator allows passkey access for any Google Workspace accounts (e.g., such as an account you use for work). In fact, in October 2023, Google made passkeys the default option for access for personal accounts.
Follow the steps below to use passkeys with Google accounts, whether you’re an end user or a Google Workspace admin. And, if you’re interested in learning the basics about passwords, including which sites and services support passkeys, you’ll find that information after the step-by-step instructions.
- What do you need to create a passkey for your Google account?
- How to enable passkeys for your Google account
- How an administrator may permit passkeys in Google Workspace
- How do passkeys work?
- Should I use passkeys?
- Does every site or service support passkeys?
What do you need to create a passkey for your Google account?
In order to create a passkey for your Google account, you’ll need a device running at minimum:
- A recent desktop or mobile operating system (i.e., Windows 10, macOS Ventura, ChromeOS 109, iOS 16, Android 9 or more recent) or a hardware security key with FIDO2 support.
- A supported browser (i.e., Chrome 109, Safari 16, Edge 109 or more recent). Most major operating systems and browsers support passkeys or soon will.
Your device also needs screen lock enabled, such as a PIN, face scan or fingerprint recognition.
How to enable passkeys for your Google account
The simplest method to enable Google account passkeys for the first time may be to go to https://g.co/passkeys, sign in to your account and follow the instructions. During the process, you may need to enter your password as well as authenticate to your device (e.g., with a fingerprint, PIN code or swipe pattern). A few of the key steps during this process on an Android phone are shown below (Figure A).
To add and manage passkeys within your Google account on the web:
- Sign in to manage your Google account at myaccount.google.com.
- Select Security.
- In the How You Sign In To Google section, select Passkeys (Figure B). If you have already enabled Passkeys, that option will display in the section with other methods, such as Authenticator or Google prompt.
The process sequence is similar to the mobile device setup in that you may need to first authenticate and then create a passkey on your device.
How an administrator may permit passkeys in Google Workspace
- Sign in to the Google Admin console with your Workspace administrator account.
- Go to Menu | Security | Authentication | Passwordless.
- In the Skip Passwords section, select the checkbox next to Allow Users To Skip Passwords At Sign-in By Using Passkeys (Figure C) and select Save. It may take a bit before the option to add a passkey is available for accounts in your organization.
After this setting has been set to allow people to skip passwords, employees may choose to create passkeys — as covered in the “How to enable passkeys for your Google account” section — on devices they use.
How do passkeys work?
Sites and services that support passkeys rely on a private key that is securely stored on your device to allow access. To sign in, the system relies on a simple unlock method, such as a fingerprint, face scan or PIN code, along with additional authentication methods, if needed.
Should I use passkeys?
If you use passkeys, you need to control access to your devices. Someone with physical access to your device and, importantly, with the ability to unlock it, could gain access to your passkey-protected accounts.
So, passkeys make a lot of sense when you’re the sole user of a device or set of devices, but they aren’t the most secure option for shared systems. Also, if you regularly misplace or lose possession of unlocked devices, passkeys aren’t a good idea. Anyone who uses the same phone and laptop day after day, though, will likely find passkeys efficient and secure.
Does every site or service support passkeys?
Unfortunately, not every site or service supports passkeys. Apple, Google and Microsoft all embrace passkey usage, as do Adobe, Amazon, DocuSign, Uber and WhatsApp. Check the documentation for sites you use or monitor directories, such as passkeys.directory and passkeys.io, to track passkey availability. Similar to how some sites were slow to support multifactor authentication, it may take awhile before every site lets you sign in with a passkey.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays