Google Passkeys: what is a passkey, setup explained, are they safe - what's happening to password logins?

Google is continuing its drive to make traditional online passwords a thing of the past, as it announces that its apps and services will now be "passwordless by default".

The move - which applies to products like YouTube and Maps among many others - reflects a broader trend in the tech industry to move towards passkeys, a more secure and faster login process than passwords.

Passkeys were first introduced to Google services earlier this year, but now the tech giant is offering the login option by default across personal Google accounts.

They use biometrics - like a fingerprint or face scan - or a pin to unlock your device, and can be 40% faster than passwords, which typically involve typing in a word or series of characters. In terms of security, Google says passkeys "rely on a type of cryptography that makes them more secure."

Google says that one of the major benefits to passkeys is that "they spare people the headache of remembering all those numbers and special characters in passwords."

How to setup your Google passkey

While passkeys are more secure and less prone to theft of phishing than traditional passwords, Google recognises that it may take a while to get users to completely ditch a security step that has been in place for decades.

In order to make future sign-ins simpler, Google users will start seeing prompts to create and use passkeys the next time they sign into an account. Additionally, a "Skip password when possible" option will be enabled in your Google Account settings.

"People will still be given the option to use a password to sign in," says Google, "and may opt out of passkeys by turning off 'Skip password when possible.'"

The company says it wants to make passwords "rarer", and eventually "obsolete".

What are passkeys?

The key difference between passwords and passkeys lies in their complexity, usage and context, and passkeys are typically shorter and easier to input than traditional complex passwords.

They utilise biometrics and other personal data for authentication, and offer a more secure sign-in process since information such as fingerprints, facial recognition or iris scans are unique to each individual, making it more challenging for unauthorised users to gain access.

Traditional passwords can be shared among users or written down, increasing the risk to various attacks of unauthorised access, while passkeys based on biometrics are less vulnerable to these types of attacks because they rely on unique physical or behavioural traits.

They are also often more convenient to use than passwords, as users don't need to remember or input complex character combinations. Instead, they can simply present their biometric data (e.g., fingerprint or face) for quick and seamless authentication.

Users often struggle with password management, including remembering complex passwords for multiple accounts and services, but biometric passkeys can alleviate this burden by eliminating the need for memorisation.