These passkeys use public-key cryptography, so if they're involved in a data breach, they're useless to bad actors without your face or fingerprint. Similarly, if your laptop or phone gets stolen, your accounts can't be accessed because you won't be around to provide the necessary authentication.
This isn't just a Google initiative. Organizations such as the FIDO Alliance and the W3C Web Authentication group are busy working toward a passwordless future, so you'll be able to use these systems across any device, whether made by Google, Apple, Microsoft, or any other hardware maker.
Setting Up and Using Passkeys
The good news is that using passkeys is as easy as unlocking your phone—it's intended to be as straightforward as possible. You'll be able to choose to move to a passkey system for your accounts, but only when the app you're logging in to and the device you're using has been upgraded with passkey support.
Let's say Google has finished rolling out passkey support to Android, you're logging in to an app that has been updated to use passkeys, and you've said yes when prompted to switch from a standard password. You'll then be asked to create a passkey, which will involve you having to do the same action you do to unlock your phone—show your face, press down your fingerprint, or enter a PIN. That creates the passkey and authenticates the link between the app in question and the device in your hand. Whenever you need to log in to that app in the future, you'll need to go through the same unlock process. As with passwords, how long that authentication lasts will vary: With your banking app, you'll usually have to log in every time, whereas, with a social media account, one login per device is often enough.
You'll also be able to log in to sites on your computer through your phone via the magic of a QR code. The site will display a QR code that you scan with your phone—once you've gone through the unlock process on your mobile device, your identity will be confirmed, and logged in to the site.
Encrypted synchronization across devices will also be handled—Google Password Manager is adding support for passkeys, for example, so should you lose access to one device, you can still get at your accounts from another one or the cloud, assuming you're able to provide the necessary authentication (and you haven't changed your fingerprints or face in the meantime).
Bob Thompson is our inhouse Home and Garden, Energy and Gaming news writer. Bob is keenly aware of the need to recycle. Bob has written for many online publications over the course of his writing career, before joining our team.