Introduction
Historically, locking down your personal accounts online means setting up a complex password that you have to store in a password manager and then having to open an authenticator app to get a secret code that changes every 60 seconds. However, large tech companies, such as Apple, Google and Microsoft, are starting to make this a little less painless by letting people use passkeys as part of their authentication. After you set up a passkey for your account on a device, that key only ever lives on that device. As a result, you only need to enter one other piece of information to authenticate — making it both more secure, and more convenient. Google makes it easy to create and use a passkey for your Google account on your personal devices you use to access Google services. To be clear, you should not set up passkeys for your Google account on shared or public devices. When you do that, anyone who can unlock those devices will be able to access all of your Google account information.
Some of the images associated with the steps are included inline below. All images associated with these steps can be seen in the embedded YouTube video. Also, please note that you’re not able to leave a comment directly on this article. If you have a question or feedback, please leave it on the YouTube video.
Steps to Create a Google Account Passkey
- Open a web browser on the device you want to set up a Google passkey on and then navigate to the Google Passkeys website. Log in to the Google account you want to set up a Google passkey for when prompted. You’ll land on your Google Account Passkeys screen.
- Click “Create a Passkey.” A window pops up letting you know that the next time you sign in to Google on this device you’ll use your fingerprint, face or screen lock to verify that it’s really you.
- Click “Done” in this message. The next window will give you more information about passkeys. Click “Continue” after reviewing this information. You’ll be prompted to provide a fingerprint, face or screen lock information to confirm your identity.
- Click “OK” after confirming your identity. The next window will let you know that your passkey has been created on this device. You’re now able to use your fingerprint, face, or screen lock information to verify your identity to use your Google account on this device.
- Click “Done.” You’ll return to the Passkeys screen, where you’ll now see your new Google account passkey has been created for this device. As a reminder, passkeys are device specific, so if you have other devices you want to set up a Google account passkey for, you’ll need to do that separately.
How Are Passkeys Different from Passwords?
1. Complexity and Length
Passwords are typically longer and more complex than passkeys. They often require a combination of uppercase and lowercase letters, numbers, and special characters. Passwords are designed to be difficult to guess or crack through brute-force attacks. In contrast, passkeys tend to be shorter and simpler, consisting of a sequence of characters or a single word. They are usually used in conjunction with other factors for authentication, such as biometrics or hardware tokens.
2. Usage and Context
Passwords are commonly used in various contexts, such as logging into online accounts, accessing computer systems, or unlocking encrypted files. They are typically entered manually by the user. Passkeys, on the other hand, are frequently used in scenarios where additional security measures, such as hardware keys or biometric factors, are present. For example, passkeys may be used in combination with a physical smart card or a fingerprint scanner to gain access to restricted areas or secure systems.
3. Storage and Protection
Passwords are often stored in hashed or encrypted form on servers or databases. Organizations typically follow security best practices, such as salting and hashing, to protect user passwords from unauthorized access. Passkeys, on the other hand, may be stored directly on a physical token or a hardware device. They are often used in combination with other authentication factors, making it more difficult for an attacker to gain access even if the passkey itself is compromised.
Why Are Passkeys Considered More Secure Than Passwords?
1. Complexity of Passkeys
Passkeys offer a superior level of complexity compared to traditional passwords. They are often comprised of lengthy, random character strings. Such complexity makes passkeys incredibly difficult to predict or decipher, even with advanced brute-force methods. As a result, they provide a robust defense against potential cyber threats.
2. Reduced Human Interaction
The system-generated nature of passkeys minimizes human involvement. Human errors are a significant vulnerability in cybersecurity. Passkeys help to mitigate these risks. Individuals aren’t tasked with creating or remembering passkeys. This removes the risk of weak passkeys being chosen or confidential information being inadvertently shared.
3. Single-Use or Limited Use Advantage
Passkeys often have a single-use or limited-use characteristic. This ensures that even if a passkey falls into the wrong hands, its usage is limited. It quickly becomes obsolete, rendering it useless to potential attackers. This trait provides an additional layer of security and enhances data protection.
4. Automated Rotation of Passkeys
Automated rotation is another attribute of passkeys. They can be programmed to change at regular intervals. This means an attacker’s window to misuse a passkey is very short. Regular changes in passkeys keep potential threats on their toes, thus fortifying security.
5. Incorporation of Biometrics
Passkeys can integrate biometric data. Biometrics, like fingerprints or facial recognition, are unique to each individual. Integrating these data points into a passkey system makes it even more secure. It adds a barrier that is tough for attackers to cross, making unauthorized access significantly more difficult.
6. Avoidance of Common Password Pitfalls
Passkeys effectively dodge common password pitfalls. They eliminate issues such as password recycling across multiple sites or infrequent password updates. By doing so, they safeguard digital resources more efficiently. The design of passkeys inherently circumvents common password errors, enhancing their security potential.
7. Resistance to Phishing
Passkeys provide resistance against phishing attempts. Since users don’t manually enter passkeys, the chance of being tricked into sharing them is reduced. This protective feature is particularly beneficial in today’s digital age, where phishing attacks are common. Thus, passkeys contribute to a safer online environment.
