Passkeys (access keys) offer many advantages: there is no need to memorize them (no more “abracadabra” and “123soleil”!), they are robust by nature, they reduce the risk of data leaks and they resist phishing. Besides, hackers prefer classic passwords: those are much less tough for them! So what’s stopping you from setting up a passkey on your Google account? Let’s go!
Passwords have always been a necessary evil, giving you the choice between using one that’s too simple (to remember easily) or one that’s obscure enough to be secure, but complicated enough to require a password manager.
Until now, the best way to secure your accounts was to pair a password with two-factor authentication (2FA). But now Google is offering another solution: using a passkey. Here, we explain what it is and how to use it.
What is a passkey?
The access key, or passkey, is a new way to sign in to an account, whether on a website or an app. It is a modern alternative to the traditional password and aims to replace it in the long term.
Access keys are not traditional passwords. They are based on pairs of cryptographic keys, a technique known as asymmetric cryptography. This system requires two keys: a private key (to be kept secret) and a public key (to be shared). This approach is commonly used in IT security, for example in the end-to-end encryption of applications such as WhatsApp or Signal.
Why switch to a passkey instead of a password?
Access keys, or passkeys, offer several advantages over traditional passwords:
- No need to remember them: private keys are stored only on a user’s devices, which serve as passkey managers. They take care of memorizing these keys for you.
- Robust by nature: Passkeys are long, strong, and unique, which makes them very difficult to guess.
- Less vulnerable to data leaks: Servers only host public keys and not private keys, making them less attractive to hackers.
- Phishing protection: Without passwords to steal, phishing attempts become useless. Passkeys are linked to the specific application or site for which they were created, preventing attacks via fraudulent sites or booby-trapped applications.
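The key-pair mechanism and the site binding described above, as an added example that is not part of the original article: a simplified Node.js model of a passkey sign-in (not the real WebAuthn message format) in which the server stores only the public key. The origins `https://accounts.example` and `https://accounts-example.test` and all function names are assumptions made for illustration.

```javascript
// Simplified model of a passkey sign-in; not the real WebAuthn message format.
const crypto = require('crypto');

const SITE_ORIGIN = 'https://accounts.example'; // constructed origin (assumption)

// Registration: the device generates the pair and keeps the private key.
function createPasskey() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Server: a fresh random challenge for every sign-in attempt.
const newChallenge = () => crypto.randomBytes(32).toString('hex');

// Device: the browser, not the page, supplies the origin that gets signed.
function signIn(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: verify the signature with the stored public key, then the content.
function verifySignIn(server, expectedChallenge, { clientData, signature }) {
  const data = Buffer.from(clientData);
  if (!crypto.verify('sha256', data, server.publicKey, signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== SITE_ORIGIN) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const { device, server } = createPasskey();
  const c1 = newChallenge();
  const c2 = newChallenge();
  return {
    // Normal sign-in on the real site.
    genuine: verifySignIn(server, c1, signIn(device, c1, SITE_ORIGIN)),
    // Look-alike site relays the challenge; the signed origin gives it away.
    phished: verifySignIn(server, c2, signIn(device, c2, 'https://accounts-example.test')),
    // A response produced for c1 is useless against the next challenge.
    replayed: verifySignIn(server, c2, signIn(device, c1, SITE_ORIGIN)),
    // A key other than the registered one cannot produce a valid signature.
    forged: verifySignIn(server, c2, signIn(createPasskey().device, c2, SITE_ORIGIN)),
  };
}

console.log(demo());
```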
Want to try? Here’s how!
Currently, you can create a passkey on any compatible hardware, including laptops/desktops with Windows 10, Windows 11, or macOS Ventura (or later) with browsers like Chrome 109, Safari 16, or Edge 109 (or later). If you are setting up a passkey on a mobile phone or tablet, it must run iOS 16 or Android 9 (or later). You can also use it with any hardware security key that supports the FIDO2 protocol.
You’ll also need to turn on the screen lock, and if you want to use your phone to connect to another device, like a laptop, you’ll also need to turn on Bluetooth.
Finally, it only works on personal Google accounts (for now). In short, here we go!
- Start by going to g.co/passkeys
- If you have an Android phone already logged in to this account, you may have been automatically registered for an access key. If so, the device will be listed under “Automatically created access keys” and you can just click the blue “Use Access Keys” button.
- If you have an iPhone, tap on “Create a passkey”, then “Use another device” and finally, scan the QR code displayed with your camera. You will then need to log in with Face ID from your iPhone or iPad.
- You can create multiple access keys: a smartphone, a PC, and even a password manager like Dashlane are able to handle passkeys.
When you sign in to your Google account, you can then validate the sign-in using the access keys you have configured.