How to use access keys in Google Chrome and Android

These access keys use public key cryptography, so if they’re involved in a data breach, they’re useless to bad actors without your face or fingerprint. Similarly, if your laptop or phone is stolen, you won’t be able to access your accounts because you won’t be around to provide the necessary authentication.

This is not just a Google initiative. Organizations such as FIDO Alliance and W3C Web Authentication The group is also busy working towards a password-free future, so you’ll be able to use these systems on any device, whether it’s made by Google, Apple, Microsoft or any other hardware manufacturer.

Setting up and using access keys

The good news is that using passkeys is just as easy as unlocking your phone – it’s meant to be as simple as possible. You’ll be able to choose to switch to a password system for your accounts, but only when the app you’re signing in to and the device you’re using have been upgraded with passkey support.

Let’s say Google has finished rolling out passkey support for Android, you’re signing into an app that’s been updated to use passkeys, and you say yes when prompted to change the default password. You’ll then be asked to create a passkey, which will involve doing the same thing as unlocking your phone – showing your face, pressing your fingerprint, or entering a PIN. It creates a passkey and confirms the connection between the app in question and the device in your hand. Whenever you need to sign in to that app in the future, you’ll have to go through the same unlocking process. As with passwords, how long that authentication takes varies: with your banking app, you’ll usually need to sign in every time, while with a social media account, one sign-in per device is often enough.

You’ll also be able to log into websites on your computer from your phone through the magic of a QR code. The site will display a QR code that you scan with your phone – once you’ve gone through the unlock process on your mobile device, your identity will be verified and you’ll be logged into the site.

Encrypted syncing across devices will also be addressed—Google Password Manager is adding support for access keys, for example, so if you lose access to one device, you can still access your accounts from another or from the cloud, assuming you’re able to secure the necessary authentication (and you haven’t changed your fingerprints or face in the meantime).