Passkeys for your Google account: what, where, how, and why

Everything you want to know about Google Account passkeys: how they work, why you need them, where to enable them, how to set them up, and what storage options are available.

Google recently announced that it plans to make so-called “passkeys” the default option for logging into Google accounts. So, the next time you sign into YouTube, Gmail, Google Docs, Google Maps, or any other app from the search giant, you’ll likely be prompted to create such a passkey.

In this post, we discuss where you can set up passkeys for your Google Account, what options are available, and what to do if you run into problems. But first, let’s talk about what this technology actually is and how it works.

What are passkeys?

Passkeys (a combination of “pass” + “key”) are developed by the FIDO Alliance, an organization whose mission is to create new authentication standards that will eventually reduce humanity’s reliance on passwords. If you own a hardware access key — often called a YubiKey (after the most popular brand) — you’re already familiar with one of the FIDO Alliance’s developments.

Passkeys are the next step in the evolution of new authentication technologies. Previous FIDO Alliance developments focused on additional authentication factors—secondary login authentication options that work in conjunction with universally hated passwords. Passkeys, on the other hand, are designed to replace passwords entirely, not complement them.

Major tech giants – Apple, Google, and Microsoft – have already integrated support for this technology into their infrastructure and are willing to allow users to skip passwords. In fact, Google is planning to encourage users to do so in the near future.

Unfortunately, the FIDO Alliance has not provided a standard translation of the term “Passkey” from English to any other language. Therefore, companies implementing this authentication mechanism can call it whatever they want without much concern for their colleagues. A standard translation has not yet been chosen in French, Portuguese, or even Spanish.

How passkeys work and why all this is needed

Passkeys replace passwords entirely, eliminating the need to create or remember character sequences.

Here’s how it works. When a user registers a passkey with a service, a pair of corresponding encryption keys is created — a private key and a public key. This is called public key cryptography. The basic idea is that if you encrypt something with the public key, it can only be decrypted with the private key.

Therefore, the private key resides on the user’s device, while the public key is sent to the service. These two keys are then used to encrypt the dialog that occurs when the user logs in to the service:

The service sends the user a request, encrypted with the public key, that contains a large number.
The user’s device asks them to verify that they are indeed the user. Typically, this is done through biometrics, such as placing a finger on a sensor or looking into a camera, but a PIN code can also be used.
After successful authentication, the user device decrypts the request from the service with the private key and retrieves the random number from it. Without the private key, no one can properly decrypt the message and obtain the secret number.
Based on the random number from the service’s request, the user device creates a digital signature with a specific algorithm—it calculates a new integer—and sends it back to the service.
The service, on its end, performs the same calculation and compares the results. If the calculated number matches the number received from the user’s device, the request was correctly decrypted. The user therefore has the corresponding private key, and must be authorized to the service.
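The login exchange above can be modelled in a few lines of Node.js. This is an added example, not code from the original article or from Google; it is a simplified model in which, as in the WebAuthn standard that passkeys use, the random number is sent unencrypted and the service checks the device's signature with the stored public key. The Service and Device classes, the user name and the userVerified flag are assumptions made for illustration.

```javascript
// Simplified model of a passkey login (not full WebAuthn); all names are hypothetical.
const crypto = require('crypto');

// Service side: stores only public keys and the challenge it is waiting on.
class Service {
  constructor() {
    this.publicKeys = new Map(); // user -> public key (PEM)
    this.pending = new Map();    // user -> challenge awaiting a response
  }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  startLogin(user) {
    const challenge = crypto.randomBytes(32); // the "large number"
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is accepted at most once
    if (!challenge || !publicKey) return false;
    return crypto.verify('sha256', challenge, publicKey, signature);
  }
}

// Device side: the private key never leaves this object.
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  // userVerified stands in for the local biometric or PIN check.
  respond(challenge, userVerified) {
    if (!userVerified) throw new Error('user verification failed');
    return crypto.sign('sha256', challenge, this.privateKey);
  }
}

function demo() {
  const service = new Service();
  const phone = new Device();
  service.register('alice', phone.publicKeyPem);
  const sig = phone.respond(service.startLogin('alice'), true);
  const ok = service.finishLogin('alice', sig);          // fresh challenge, right key
  service.startLogin('alice');                           // service issues a new challenge
  const replay = service.finishLogin('alice', sig);      // old response re-sent
  const other = new Device().respond(service.startLogin('alice'), true);
  const wrongKey = service.finishLogin('alice', other);  // signed by an unregistered key
  return { ok, replay, wrongKey };
}
```

The service never holds anything secret: a leaked copy of its publicKeys map does not let anyone produce a valid response.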

How to set up access to your Google account with a passkey instead of a password

Now let’s talk about how it all works in practice and how to set up access to your Google account using passkeys. It is very straightforward. Here’s what you need to do:

Go to your Google Account Settings. You can do this through any Google service (such as Gmail) or directly through the Google Chrome browser you already have. To do this, click on your avatar in the upper-right corner of the screen and select Manage your Google Account.
