Google now lets you create Passkeys for your accounts, here's how to set it up
Google has announced support for Passkeys for user accounts. You can now log in to your Gmail account, or any other Google service, without typing your password.
The Mountain View company had worked with Apple, Microsoft and FIDO Alliance to co-create a platform for Passkeys. Apple already supports the feature on macOS 13 Ventura and iOS 16.
What is a passkey, and is it safe?
A passkey allows you to sign in to your online accounts without using your password. Instead, it uses your device's screen lock, i.e. PIN or device password, or your biometric data such as a fingerprint scanner used by Windows Hello or macOS TouchID, to authenticate the ownership of the account. The same applies to your Android mobile or iPhone's screen lock methods.
The passkey is created and stored locally on your device, i.e. a mobile phone or a computer. The data is encrypted to prevent unauthorized access. When you try to log in to your account, the server asks the device to verify the credentials associated with that account. The device in turn prompts you to enter your screen lock code to approve the request, and once you enter the code or use your biometric sensor, the device checks it with the data stored locally, and gives the green signal to the server to grant access to the account.
Passkeys provide a quick and easy way to log in to your account, you just have to enter your username, you don't have to key in your password. The fact that it completely negates passwords is what makes it special. Passkeys will bypass authenticator apps or other 2FA methods that you may have enabled on your account. Does that mean that your Google account is no longer protected by 2-step verification? No, your account is still protected by 2FA, you may continue using your username and password along with your authenticator app to log in to your account, the Passkey is just an extra option that you can enable.
You could say that a passkey acts as a combination of your password and two-factor authentication, rolled into one feature. And since the passkey never leaves your device, it is a secure way to log in to your account. Google says that passkeys are more resistant to phishing attacks, and are more secure than one-time codes that are sent over SMS text messages.
How to set up a Passkey for your Google account
1. Visit Google's Passkey creation page.
2. The website will prompt you to enter the password for your Google account.
3. Click on the Create a Passkey button.
4. Google will ask you to choose the device that you want to use for creating the Passkey. You can use your computer or mobile phone to create a passkey with your fingerprint, face, or screen lock.
5. Hit the continue button to proceed. Google will ask you to confirm the process by entering your device's screen lock code, or biometric data. That's it, you've set up a passkey.
Try it now. Log out of the account in your browser and sign in again with your passkey. No password required, that's pretty cool.
Though the steps to set up a passkey are identical across all platforms, there are some differences in the way the feature works on computers and phones. The important thing to note here is that your passkey is not synchronized across your devices. Google doesn't support passkey sync, unlike Apple does with iCloud Keychain.
But when you sign in to your Google account on a secondary device, i.e. one that does not have a passkey stored on it, the web page will offer to create a passkey on that device. You may choose to add it by confirming the device's screen lock code. Adding a secondary device is optional, Google advises users not to create passkeys on shared devices.
Wait, how do you log in on a desktop browser if you created a passkey on a phone? Google's login page will display an option that lets you "add a new phone". Select it and the site will display a QR code on the screen. Use your mobile's camera app to scan it, and approve the login process.
A few things to note
Google Passkeys are supported on devices that run on Windows 10, macOS Ventura, ChromeOS 109, iOS 16, Android 9 or above. It is also compatible with hardware security key that supports the FIDO2 protocol. A support page on the company's website claims that Passkeys are only supported on the following browsers: Chrome 109 or above, Safari 16 or up, Edge 109 or later. In truth, it works perfectly fine on all modern browsers, I actually created the Passkey using Firefox. I was also able to use it on Vivaldi, so it should work fine with other Chromium-based browsers.
The Passkey login page that I mentioned above displays options to sign in with an external security key (like Yubikey) or a fingerprint sensor, or to add a new Android phone. The third option can be a little confusing, as you're not adding a new device. Don't worry, it works with iPhones too, just point your camera app at the QR code on the screen and an option to "sign in with passkey" will appear on the screen. Tap on it, and it will authenticate the process using Face ID.
What if you lose your device? A thief wouldn't be able to access the passkey without the device's screen lock code/biometric authentication. You can remove the passkey from the device remotely via your Google account on another device. Please refer to the official support page for more details.
To opt out of signing with passkeys, go to your Google Account's Security page, and disable "Skip password when possible".
Note: Google says that Android devices will automatically create passkeys when you sign in to your Google Account. You have to opt out of it, by removing the device from your account from the Manage Devices page.
A few websites, such as PayPal have already added support for passkeys, and so have some password managers, it is only a matter of time before more of them adopt the protocol. I guess the passwordless future is here.
Have you tried Passkeys?
“Do you use Google Photos?”
I do; I find it impossible not to use Google Photos on the Android phone; nevertheless, the “memory” feature is sort of neat. I’ve seen photos from a couple of years ago that that offer glimpses into the long-ago, forgotten past. It’s a lot like reviewing journal writing. “What was I doing and such and such a date?”
And, I think, when the “memories” are sorted and positioned, one can create a mini-collage with up to eight photos.
It’s so much easier to share photos with people rather than journal entries.
Nifty!
I delete the photos after 1 month of being taken. All of them are erased to return to the black and silent nothingness. Only the best ones are printed and placed in a very nice site at home. :]
I should buy a Chromebook.
None of the big tech companies are good but at least Google are the least dishonest and morally bankrupt of them. They’re always trying to do the right thing if the money allow it.
In reply to “https://www.ghacks.net/2023/08/19/google-keep-is-getting-a-version-history-but-only-on-the-web/” since the website has gone insane and no one can know where thier comment ends up.
This app should be called “Google Keeps it”. Because, they do.
I use Color Notes. No syncing, no internet, just local.
The article said: “[…] positive outcomes of genocide…”. Perhaps the AI was actually discussing the benefits of reading a “Scroll of genocide” … “You feel dead inside.”.
Martin, this post reply is supposed to belong: [https://www.ghacks.net/2023/08/22/googles-ai-search-generates-horribly-misleading-answers/] (given the the database is faulty it could appear anywhere or nowhere).
I have yet to be impressed with AI of any kind. I think it’s overhyped and not ready to live up to it.
How to use AI: Avoid the artificial stupidity at all times.
“When searched “Why guns are good,” it also prompted questionable responses, including potentially questionable statistics and reasoning. ”
Based on whose reasoning? These sorts of assertions are generally bullcrap intended to advance an agenda. If you don’t like guns, say so. Meanwhile, there are 400 million firearms in the US owned by close to a third of the population and around 20 million carry concealed.
So your opinion is not shared by a LOT of people who either enjoy firearm spots or are concerned about self-defense or both.
Wow. Ghacks still hasn’t fixed the broken comments system where old comments from a different article appear. Sad to see you slowly turn to dust since the buyout.
@Seeprime,
For over two weeks now,
I’ve been seeing “Comments” posted by subscribers appearing in different, unrelated articles.
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572991
https://www.ghacks.net/windows-11-update-stuck-fixed-for-good/#comment-4572951
For the time being,
it would be better to specify the “article name and URL” at the beginning of the post.
This guns comment came up in the Pixel watch repair post and I was bewildered as to what was the connection between the two.
goog = skynet
“human beings” = \slaves\
This info is so NOT correct.
I so do not want google in my life that I have NEVER downloaded chrome and I do NOT have ANY google accounts.
My browser is set to clear all cookies, cache and history every time I close it, which is every day, and I still get these world takeover login prompts on every site I go to.
So I CANT go to google accounts and turn it off.
If this info were truly accurate I wouldnt be getting these pop ups AT ALL.
Thanks @Ashwin for the article! :]
Anyone who continues to use these big tech scum’s cloud services deserves what they get.
Given Ghacks’ comments’ database problems I precise :
I’m commenting the article “Google is in trouble with YouTube Shorts – gHacks Tech News” by Emre Çitak
at [https://www.ghacks.net/2023/09/04/googles-youtube-shorts-problem/]
—
About the article’s question, “What do you think about YouTube Shorts?” (BTW first time I read here any other writer other than Martin Brinkmann directly asks the audience it’s opinion, and that’s just fine) :
YouTube Shorts may suit smartphones (which I don’t use) but on a PC they are not my cup of tea, to put it mildly.
From what I read a bit everywhere, opinions are shared : love or hate. For those who dislike many scripts and dedicated browser extensions have been developed to handle them (removal or redirect to standard video display).
I don’ view YouTube videos on YouTube but via a Piped or a Piped-Material YouTube front-end instance and these offer on search results and on channels the option to view Videos-Shorts-Livestreams-Playlists-Channels ; well, I practically never open the ‘Shorts’ display. I don’t like shorts (except in summer, hmm), I dislike the concept, fast-videos after fast-food, fast, faster … to bring what? Emptiness, IMO
Does that answer your question, @Emre Çitak :)
I despise YouTube Shorts. So much in fact, I use custom adblock rules in Brave Shields to remove that crap.
youtube.com##ytd-grid-video-renderer:has([href*=”shorts”])
youtube.com###dismissible:has([href*=”shorts”])
There’s an extension for Firefox and Chrome browsers called “Youtube-shorts block”, re-opens the video in a normal window. :)
https://addons.mozilla.org/en-US/firefox/addon/youtube-shorts-block/
https://chrome.google.com/webstore/detail/youtube-shorts-block/jiaopdjbehhjgokpphdfgmapkobbnmjp
ps. say NO to Shorts, it only encourage shooting vertical-videos which doesn’t go well with many desktop displays… except when shooting vertical objects, such as ahem… pretty ladies. :)
Page source shows that ghacks is still using WordPress as the platform. Knowing, more or less, how it works at the DB level I am not sure how one could mess up comments this badly. It is actually very difficult.
Google is the big leader of everything. Indeed it can actually buy Amazon, Disney, Netflix, X and whatever other company. I wonder what could happen if Google starts to build airspace ships in order to conquer the Moon. I bet that Google would be the first to offer free WiFi at the Moon. Please fix the comments.
This comment is inside the article:
[https://www.ghacks.net/2023/09/04/what-is-google-synthid-and-how-does-it-work/]
This “analysis” is disappointingly shallow and trivial. Why not include other factors like job level, responsibilities, full-time/part-time, qualifications, etc.? Because the conclusions probably wouldn’t fit the current leftist/feminist narrative. You don’t find what you don’t look for.
Misleading statistics.
Wage should be based on the amount of time, works, thinking (brain > muscle), responsibilities etc
Not skin pigmentation or your genitalia. There could be correlations, but not causations.
“Google maintains that it provides a superior product”
That is also Mozilla’s official position in defense of Google against the people, on that question of search engine abuse of dominant position by Google.
The funniest part is that not only it’s false regarding actual competitors, but even among not-actual-competitors there are meta-search engines that use exactly the same engine, just minus the tracking, so Google is clearly the inferior one compared to those already. But maybe what Google is saying is that it is the surveillance and bubbling that would make their engine superior. False again even without considering the damage those do.
“Google increases Chromebook support to 10 years”
I mean that’s great and all, but imagine using a browser-based, highly internet-dependent OS such as chrome. I’ve never used chromeOS but have seen it in person and read about it, just seems like ultra-limited user experience which relies on the concept that “most things can be done in a browser”.
What is there to support? It just a glorified web browser.
“Google launched Chromebooks in 2012 as low-cost devices and the company has had great success in the education world, especially in the United States.”
Happy tracking for all those unsuspecting children. And help normalize surveillance for those young brains. Well done Google.
No, AltaVista’s Search engine wasn’t difficult to use in the mid-nineties, and Yahoo didn’t own AltaVista either during the 1990s. Yahoo!, was a Web Directory. I was alive then and have actually used those engines, during that era, I should know if they were easy to use. So tell the angels what you’ve seen, scarecrow shadow on the Nazarene.