Google passkeys now default for users in shift away from traditional authentication

Google has announced that passkeys, a type of passwordless authentication, will now be offered as the default method for users signing into accounts. 

Users will begin seeing prompts to create and use passkeys from now on under the new focus, the tech giant announced in a statement yesterday. 

The option to choose passkeys means users will be able to “skip passwords” and offers a more simplified sign-in process. Google said using passkeys is significantly faster than traditional login methods. 

Passkeys will require biometric scans or a designated pin to unlock devices, the firm said. 

“To use passkeys, you just use a fingerprint, face scan or pin to unlock your device, and they are 40% faster than passwords — and rely on a type of cryptography that makes them more secure,” said Google

The company added that although passkeys will now be the default, for now they won’t be mandatory. 

“While [passkeys are] a big step forward, we know that new technologies take time to catch on — so passwords may be around for a little while. That's why people will still be given the option to use a password to sign in and may opt-out of passkeys.”

Google passkeys shift

Google’s shift away from traditional authentication methods has been a months-long process. In May 2023, the company began rolling out passkeys, which it said is specifically focused on improving account security for users. 

In the intervening five months, users have adopted the new method on a range of Google-owned applications, such as YouTube, Search, and Maps, the company said, adding that it has been “encouraged by the results” so far in terms of user reception and uptake. 

Veridas CEO Eduardo Azanza welcomed the announcement, adding that passkey authentication represents a step change in user security practices. 

“The move by Google to set passkeys as the default sign-in credential is a strong message that we are moving toward a passwordless future,” he said. 

“Traditional password systems have been shown to fail time and time again, as huge volumes of credentials are stolen every day. As the digital threat landscape evolves, cyber security and online practices must evolve with it.”

“Simplified” authentication

User security isn’t the only reason behind the Google passkeys shift. The tech giant said that this method offers a far more simplified and streamline log-in process compared to traditional practices. 

“One of the most immediate benefits” of passkeys, Google said, is that it allows users to avoid remembering a multitude of password combinations when logging into their accounts. 

Azanza echoed Google’s thoughts on the matter, noting that the use of biometric authentication greatly reduces the at-times laborious process of authentication. 

“Biometric verification enhances the user experience by streamlining identity verification procedures,” he said. “Users no longer need to remember numerous passwords, undergo password resets due to forgetfulness or endure lengthy dual authentication processes.”

“Biometrics swiftly verifies and authenticates users in mere seconds, sparing them the frustration typically associated with password-based authentication.” 

Are passkeys more secure than passwords?

Passkeys are widely viewed as a more secure and convenient method of authentication. Research from the FIDO Alliance suggested this method offers marked improvements to account security and can be vital in curbing the threat of phishing attacks.  

A key advantage of passkeys is the way in which they work compared to traditional passwords. Whereas traditional passwords rely on memorizing information that can be stolen or intercepted, passkeys rely on public key cryptography. 

This involves generating a private key, which can be stored on a user device, while a public key is uploaded to the cloud. 

In using this authentication method, users can greatly improve account security from threats such as phishing as an attacker would require physical access to a device to access an account.