Google unlocks passkeys support for Workspace
After having enabled passkeys support for personal Google accounts last month, Google has now unlocked support for passkeys for Workspace customers and environments.
Passkeys is an upcoming authentication standard that replaces traditional passwords with cryptographic keys. These keys are generated on the user's device and a private part of the key never leaves it. Users who have set up passkeys for an account do not need to enter passwords anymore when they sign-in. Instead, they verify the request locally by entering their device's PIN or through biometric authentication.
Passkeys void common forms of attacks against passwords, including phishing and brute forcing. Support is still in the works on some platforms, e.g., Android 14 will introduce support for storing passkeys using third-party apps, such as password managers, and that is also true for synchronization functionality.
In Google's case, it is possible to authenticate using a mobile device on new devices for which passkeys are not available yet. This is done by scanning a QR code that is displayed on the new device using the phone's camera.
Passkeys support for Google Workspace
The feature has beta tags currently and Google explains on a support page how administrators may enable passkeys for users of their organization.
Passkeys allow users of an organization to authenticate without having to enter account passwords or verifying the sign-in using two-factor authentication. Authentication happens using a mobile device, a security key, or the computer's screen lock protection.
Administrators need to enable the skip passwords option in the Google Admin console. Here is a step-by-step guide on enabling the "skip passwords" feature in the admin console:
- Open the Admin console.
- Navigate to Menu > Security > Authentication > Passwordless.
- Select "Skip passwords".
- Optionally, select "Allow users to skip passwords at sign-in by using passkeys" to allow users to skip password challenges during sign-in.
- Select Save to complete the process.
Users who have created passkeys may continue using them for authentication, even if an administrator turns off the feature at a later point in the admin console. Note that the password challenge is not skipped in that case, and that the passkey may be used for that second step of authentication then.
Users will need to enable the passkeys feature for their accounts then by creating a passkey for the account.
Google has another support page that explains in detail how users can do so. The page lists current requirements and the necessary steps to generate a passkey for the account and start using it.
Google Workspace users still need to enable passkeys manually for their devices after administrators enable the feature; this is a hurdle that is likely affecting migration to the new authentications standard.
Now You: passkeys or passwords, which do you prefer, and why?Advertisement