On May 3, 2023, Google published a pair of blog posts titled “The beginning of the end of the password” and “So long passwords, thanks for all the phish” to announce it was adding a password alternative called a “passkey” to Google accounts.
People began searching for “Google passkey” soon after, while tech blogs wrote headlines that said, “Your Google Account is getting rid of its password.”
Has Google replaced passwords with passkeys?
No, Google hasn’t replaced passwords with passkeys.
WHAT WE FOUND
Google has not replaced passwords with passkeys, and passwords remain a sign-in option even for people who choose to use passkeys. Still, Google does have plans to eventually phase out passwords entirely, it just hasn’t set a deadline for when it will and has no plans of doing so soon.
A passkey is a method of signing in to apps and websites by unlocking your devices, whether that’s with a PIN, fingerprint or face scan, says the FIDO Alliance, a web industry association dedicated to reducing password reliance.
Google, which is a member of the FIDO Alliance, says it wishes to “move beyond passwords altogether” and is therefore setting the stage for a “passwordless future.” This future, however, is not today.
“Creating a passkey on your Google Account makes it an option for sign-in,” Google said in its security blog. “Existing methods, including your password, will still work in case you need them, for example when using devices that don't support passkeys yet. Passkeys are still new and it will take some time before they work everywhere.”
You also have the option to opt out of using passkeys entirely, according to a Google support page. This doesn’t get rid of the passkey itself, but it does require all future sign-ins to use a password, plus two-factor authentication if the user has it enabled.
A spokesperson for Google told VERIFY in an email that there is currently no set timeline for when Google will phase out passwords. Because passkeys are still new, it will take some time before they work everywhere, the spokesperson said.
Google argues that passkeys are more secure than passwords, even with two-factor authentication.
“Unlike passwords, passkeys can only exist on your devices,” Google said in its security blog. “They cannot be written down or accidentally given to a bad actor. When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it.”
With a passkey, you connect an account with a physical device, such as a phone or computer, the FIDO Alliance and Google explain. The account shares an encrypted code or “key” with the device, allowing you to log in to your account anywhere by unlocking that device. You can have different passkeys for different devices or the same passkey can be shared with multiple devices. If your phone is synced with your computer or vice versa, they will automatically share their passkeys between them.
You also don’t need to share or create a passkey with a device to log into an account that uses passkeys in place of passwords, Google says. If you don’t give a device a passkey, then when you log in you will get a notification sent to a nearby device that does have the key, such as your phone. You’ll be able to log in once you’ve unlocked your phone and confirmed you’re the one signing into the account.