Google has taken a significant step towards the supposedly passwordless future by introducing passkey-only Google accounts. In a blog post titled “The beginning of the end of the password,” Google announced the support for passkeys across all major platforms. The passkey authentication method may replace passwords in the future and is a new way to log in to apps and websites.
A passkey allows the operating system to directly swap public-private keypairs with a website to authenticate the user. Google has demonstrated how the passkey system will work on a phone. Instead of a password, the system will ask for a fingerprint to unlock the passkey system, and the user is logged in. Google’s passwordless support will be available on consumer devices, while business Google Workspace accounts will have the option to enable passkeys for end-users soon.
However, passkeys still have some hurdles to cross before they become widely adopted. The first issue is that not all platforms are as far along as others. The official passkeys.dev site has a helpful page that tracks platform-by-platform readiness, and there’s still a long way to go. The second issue is that passkeys sync via the operating system ecosystem, not via a browser, which represents a major regression over the way passwords work. Passkeys are “synced to all the user’s other devices running the same OS platform,” according to the FIDO Alliance page.
1Password, which is part of the FIDO Alliance, has confirmed that passkeys on other platforms require the user to use a device from the same ecosystem to authenticate. Syncing with other operating systems or sharing passkeys requires tedious workarounds, like QR codes, resulting in a more complicated and less secure experience.
Google’s move towards passkey-only Google accounts is a significant step towards a passwordless future. However, passkeys still have a long way to go before they become widespread. While some platforms are further along than others, passkey syncing across different operating systems remains a major hurdle. Google and other Big Tech companies need to work towards making passkeys as seamless and convenient as passwords to ensure their ubiquity.