Google has announced that passkeys for Google Accounts are now available. Described as a new way to sign in to apps and websites, passkeys are a replacement for traditional passwords, allowing users to gain access to their accounts via fingerprint, a face scan, or a screen lock PIN. According to Google, this data won’t be shared with the company or anyone else, and passkeys are also cool because they are resistant to online attacks, including phishing. The new feature comes just a day ahead of World Password Day, a day that Intel created to stress the importance of creating solid passwords (e.g., not password123).
From a Google Security Blog post:
When you add a passkey to your Google Account, we will start asking for it when you sign in or perform sensitive actions on your account. The passkey itself is stored on your local computer or mobile device, which will ask for your screen lock biometrics or PIN to confirm it’s really you. Biometric data is never shared with Google or any other third party – the screen lock only unlocks the passkey locally.
Unlike passwords, passkeys can only exist on your devices. They cannot be written down or accidentally given to a bad actor. When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it. Together, this means that passkeys protect you against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach. This is stronger protection than most 2SV (2FA/MFA) methods offer today, which is why we allow you to skip not only the password but also 2SV when you use a passkey. In fact, passkeys are strong enough that they can stand in for security keys for users enrolled in our Advanced Protection Program.