Google Workspace is enabling the use of passkeys as a simpler and safer alternative to passwords to sign-in to Google Accounts. Additionally, Workspace admins can now allow users to use passkeys to skip passwords at sign-in for Workspace apps — this feature gives users the option to skip entering their password and sign-in with passkeys using a fingerprint, face recognition, or other screen-lock mechanism across phones, laptops, or desktop.
This feature is available as an open beta, which means admins can use it without enrolling in a specific beta program.
Passkeys have been designed with user privacy in mind. When a user signs in with a passkey to their Workspace apps, such as a Gmail or Google Drive, the passkey can confirm that a user has access to their device and can unlock it with a fingerprint, face recognition, or other screen-lock mechanism. The user’s biometric data is never sent to Google’s servers or other websites and apps.
Admins and end users
Why you’d use it
Passkeys are a new, passwordless sign-in method that can offer a more convenient and secure authentication experience across websites and apps. Passkeys are based on an industry standard and available across popular browsers and operating systems that people use every day, including Android, ChromeOS, iOS, macOS, and Windows. Google early data (March - April 2023) shows that passkeys are 2x faster and 4x less error prone than passwords.
Passkeys are based on the same public key cryptographic protocols that underpin physical security keys, such as Titan Security Key, and therefore can be resistant to phishing and other online attacks. In fact, Google research has shown that security keys provide a stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication (2FA). For a closer look at how passkeys work under the hood, check out our technical blog post.
- Admins: Admins can allow users in their organizations to skip passwords at sign-in using a passkey. By default, this setting is off, which means that users can’t skip passwords during sign-in, but can still create and use passkeys as a 2-Step Verification (2SV) method. To allow users to skip passwords, administrators can follow these simple steps in the Admin console.
Admins can turn on / off the ability to use passkeys to skip passwords in the Admin console under Security > Passwordless.
If enabled by your admin, you can opt to skip password entry in your account settings.
- Rapid and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on June 5, 2023
- Available to all Google Workspace customers and Cloud Identity customers