How to Set Up and Use Google Passkeys

Google is advancing its vision for a passwordless future by allowing users to generate, store, and sync passkeys through its Google Password Manager. While more secure than traditional passwords, the setup process can be complicated. To create a passkey for your Google account, you can visit g.co/passkeys on a supported device.

For other websites like Best Buy, the process is more involved. You must first log in and save your standard username and password to the Google Password Manager. Only then can you navigate to the site’s security settings to initiate the passkey creation, which Google will then offer to save. Passkeys offer superior security by using asymmetric encryption, meaning your private key never leaves your device, protecting you from phishing and data breaches.

The Drawbacks: Platform Lock-in and Security Concerns

The primary issue with relying on Google for passkey storage is platform fragmentation. Passkeys created within Google’s ecosystem often don’t work seamlessly with Apple or Microsoft devices, creating what the source article calls a “mess.” This lock-in can cause significant friction if you use devices across different operating systems.

Furthermore, while generally secure, there is a potential risk for credentials stored locally by Google Password Manager on Windows. An attacker with physical access to the device could potentially expose your stored secrets. Because of these cross-platform limitations and minor security considerations, a more flexible solution is recommended.

The most effective way to manage passkeys is by using a dedicated third-party password manager like 1Password, NordPass, or Proton Pass. These tools allow you to sync your passkeys across all devices and platforms, from Android to iOS and Windows to macOS, providing true flexibility and avoiding the walled gardens created by tech giants.

Source: https://www.wired.com/story/how-to-use-google-passkeys/