A year after first making passkeys available for developers in Android and on Chrome, Google LCC announced today that it’s now giving all users the ability to set up their own passkeys by default.

Passkeys are a type of authentication credential that allows users to log in to sites and services without having to enter a password. Built on the WebAuthentication standard, passkeys use public-key cryptography to provide a more secure and convenient way to authenticate logins without the inherent risk of regular passwords.

Passkeys are more secure than passwords because they’re not human-readable, so they cannot be stolen through phishing attacks. Passkeys are also unique to each website or service, so if one website is compromised, other passkeys are still safe.

Google has been a strong backer of passkeys, having first provided the option to user accounts in May and then later extending them to Google Workspace in June. The rollout of passkeys by default today will see all Google users being prompted to create and use passkeys when they sign into their Google account. Passkey support is already available on Android.

“We’re seeing many leading websites and apps join the move to passkeys, so you can go passwordless with your Google Account and beyond,” Google product managers Christiaan Brand and Sriram Karra said in a blog post.

The pair also gave an update on how Google’s “passwordless journey” is going, writing that since extending the ability to create passkeys to apps such as YouTube, Search and Maps, more than 64% of Google users find passkeys easier to use compared to traditional methods like passwords and two-factor authentication, while more than 62% said they felt more secure.

The reason people are said to be pleased with passkeys is because they’re 40% faster than passwords and only require the method used to unlock devices, such as fingerprints, face scans and personal identification numbers.

Although users will be prompted to create passkeys when logging into their Google accounts by default, the company isn’t making them compulsory, at least for now. When prompted to create a passkey, users can still use a password to sign in and can opt out of being prompted to create a passkey by turning off “skip password when possible.”

“Biometric verification enhances the user experience by streamlining identity verification procedures,” noted Eduardo Azanza, chief executive of the biometric identity verification platform Veridas. “Biometrics swiftly verifies and authenticates users in mere seconds, sparing them the frustration typically associated with password-based authentication.”

Image: Google