Skip to main content

Passkey Authentication

Khang Van
  • Updated

Passkeys are a simple and secure alternative to passwords. With a passkey, you can sign in to your Google account using your fingerprint, face scan, or phone screen lock, such as a PIN.

Important Information:

  • If you add a passkey to your Google account, it will not change or remove any of your current authentication or recovery methods (such as passwords or recovery options).
  • If your account has 2-Step Verification (2FA) enabled, the passkey bypasses your second authentication step, as the passkey itself verifies that you have possession of your device.
  • Your biometric data, such as your fingerprint or face scan, is stored only on your device and is never shared with Google.

Why Should I Use a Passkey?

  • Stronger Protection: Passkeys provide the strongest protection against security threats like phishing. Unlike passwords, passkeys are device-bound. They cannot be written down, shared, or stolen. When you use a passkey to sign in, you're providing to Google that you have access to your device and are able to unlock it -- no passwords required.
  • Convenience: Once you create a passkey, you can easily sign in to your Google account and use it for other supported third-party apps or services, without needing to enter a password or go through a second authentication step.
  • Seamless Sign-In: Passkeys eliminate the need to remember passwords, offering a smoother, more secure way to access your account.

What You Need to Create a Passkey

To create a passkey, you'll need:

  • A laptop or desktop that runs at least:
    • Windows 10
    • macOS Ventura
    • ChromeOS 109.
  • A supported browser:
    • Chrome 109 or newer
    • Safari 16 or newer
    • Edge 109 or newer
    • Firefox 122 or newer
  • Additionally, ensure that:
    • Screen lock is enabled on your device.
    • Bluetooth is enabled if you're using a phone to sign in to a computer.
    • For iOS or macOS users: Enable iCloud Keychain to store and sync your passkeys across devices. Follow the Apple support guide for setting up iCloud Keychain.

For the best passkey experience, make sure your operating system and browser are up to date.

How to Set Up a Passkey

Important: When you create a passkey, you opt in to a password-less sign in experience. Only create passkeys on devices you control. If someone else has access to your device, they could potentially use your passkey to sign into your Google account.

To set up a passkey:

  1. Sign in to your Google account.
  2. Click on your profile icon at the top right, then Manage your Google Account.
  3. In the left navigation panel, select Security.
  4. Under How you sign in to Google, click on Passkeys and security keys > Create a passkey.
  5. Follow the on-screen instructions to add a passkey.

You can create multiple passkeys.

How to Use Your Passkey to Sign In

  1. On your device, go to the Google sign-in page.
  2. Enter your username.
  3. When prompted, verify your identity using the device's passkey (e.g. fingerprint, face scan, PIN).
  4. Follow the on-screen instructions to unlock the device and complete the authentication.

Note:

  • On Android: If you sign out of your device, you can still use your passkey to sign in for up to 6 hours. After this time, you'll need to use another method to sign in, and a new passkey will be automatically created.
  • On non-Android devices: You can sign back in using your passkey at any time, even after signing out.

To Always Use Your Password First Instead of a Passkey

  1. Go to your Google account.
  2. Select Security from the left menu.
  3. Under How you sign in to Google, turn off Skip password when possible.
  4. Once this option is turned off, you'll be asked for your password when signing in. If you're enrolled in 2-Step Verification, you can still use your passkey as the second authentication step.

2-Step Verification (2FA) is Still Available

If you prefer to continue using 2-Step Verification (2FA),  you can still authenticate the traditional way. After entering your username, click on Try another way to use the password option and proceed with your preferred 2FA method (such as text messages or authentication apps).

We recommend that you set up a backup authentication method, such as text message or authentication apps, as your additional authentication factor in case your device is unavailable for passkey authentication.

Remove or Opt Out of Passkeys

If you lose a device where you created a passkey, or if you mistakenly created a passkey on a shared device, you should invalidate the passkey for use with your Google account.

To remove a passkey you created:

  1. Go to your Google account.
  2. Select Security from the left navigation panel.
  3. Under How you sign in to Google, click on Passkeys and security keys.
  4. Select the passkey you want to remove and click on Remove.

To remove an automatically created passkey (on Android):

  1. Go to your Google account.
  2. Select Security from the left navigation panel.
  3. Under Your devices, select Manage all devices.
  4. Find the device you want to remove and select Sign out.

If you see multiple sessions from the same device, you can sign out of all sessions to ensure no access is left from the device.

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk