For a long time, usernames and passwords have been how we log in to accounts online. Usernames are out in the open for everyone to see, but passwords are meant to be private and hard to guess. This means passwords are often hard to remember so many people end up using the same password for different accounts. Reusing passwords is not safe since it only takes one data breach to expose passwords used on many sites.
Google is trying to fix this problem by making “Passkeys” the new default way to sign into personal Google accounts. A Passkey uses things like your fingerprint, face scan, or device PIN to unlock instead of a hard-to-remember password. When you try to log in somewhere next, Google will prompt you to set up a Passkey. You can still choose regular passwords if you want.
So how do Passkeys work? Sites like Google, YouTube and Search store a public key that identifies your account. Your phone or laptop stores a unique private key only it can see. When you try to log in, the site sends a request that your device solves using the private key, but without sharing the actual key. This proves to the site who you are without needing to enter a password.
Passkeys are more secure than passwords because they can’t be reused or stolen in data breaches. Private keys also stay safely on your device instead of being stored in the open on company servers. Google joining the Passkey train means more people and popular sites will likely follow suit. Pretty soon logging in with Passkeys instead of passwords may just become the new normal online.
