All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links. Learn more.
Google wants you to start using passkeys. Its vision is to “progress toward a passwordless future,” allowing you to store passkeys in the Google Password Manager service. For websites that support the login method, Google now allows you to generate, store, and sync passkeys. The problem is actually finding a consistent way to do it.
It’s easy to change your password, but it’s not so easy to add passkeys to an account you’ve already created, much less manage them solely in your browser. Still, you can use passkeys with the Google Password Manager on supported websites; you’ll just need to jump through a few hoops first.
How to Set Up a Passkey for Your Google Account
You can learn more about passkeys here, but in short, they’re a method to confirm you are who you say you are so that you don’t have to remember a long password for every app and website you log in to. You can use a passkey for your Google account, but you can also store passkeys for other websites with the Google Password Manager, which is available on Chrome or directly through Android.
To use a passkey with your Google account, go to g.co/passkeys and follow the prompts. You’ll log in to your Google account and create a passkey, either bound to your device or stored in a third-party password manager. If you aren’t using a third-party password manager, your Google passkey will be bound to the device you’re using. Apple devices sync your passkeys across other Apple devices with iCloud Keychain, but otherwise you’ll need the device you created the passkey on to log in.
Creating a passkey for your Google account is simple. What’s important is that you’re doing it on a device that supports passkeys. Here’s what you need:
- A computer with Windows 10, macOS Ventura, ChromeOS 109, or newer; or a phone with iOS 16 or Android 9, or newer;
- A supported browser (Chrome 109, Safari 16, Edge 109, Firefox 122, or newer).
Once you’ve made a passkey, you can manage it at myaccount.google.com. There, select Security, and then choose Passkeys and Security Keys to see the passkeys you have. You can—and likely will, if you aren’t using a third-party password manager—have multiple passkeys for different devices, even if they’re used to log in to the same account.
How Safe Are Google Passkeys?
A passkey for your Google account is generally safer than using a password. Passkeys rely on asymmetric encryption with a public-private key pair, and only you have access to your private key. Even in the event of a breach or phishing scheme, an attacker can’t access your account without your private key, which never leaves your device.
A password uses symmetric encryption, and it’s what you’d call a “shared secret” in the world of cybersecurity. With a password, Google needs to store an encrypted copy on its servers, opening up the potential of a breach. Further, you need to remember your password, which opens the door for phishing and social engineering attacks.
Is It Safe to Store Passkeys in Google Password Manager?
The Google Password Manager available through Chrome stores your logins locally on your device. It can sync your logins across devices, but an encrypted copy is kept locally. A file containing your encryption key is also available locally, and combining the two files with a Python script and a little know-how can expose your passwords on Windows.
Someone would need access to your device for this kind of attack, which isn’t likely on a desktop, but it’s worth keeping the risk in mind. If you travel often or could have your device easily lost or stolen, it’s a good idea to store passkeys elsewhere, such as in a password manager.
Should I Use a Password Manager for Passkeys?
You can create and manage passkeys on Windows through Windows Hello, on macOS and iOS through iCloud Keychain, and on Android or in your browser through Google Password Manager. However, using a third-party password manager like Proton Pass or 1Password makes things a lot easier.
An external password manager allows you to sync your passkeys across devices, and they’re bound to the password manager itself, rather than your device. If you have a device that’s authenticated with your password manager, you can access your passkeys, too.
How to Use Passkeys With Google Password Manager
Google would like you to believe that saving passkeys in the Google Password Manager happens almost magically. You sign in to or sign up for an account, Google steps in and asks if you want to save a passkey, and you’re done. Google even says it can upgrade accounts stored in Google Password Manager automatically with passkeys.
The process, unfortunately, is more involved. First, you need to enable passkeys for the Google Password Manager. Open Chrome, and follow these steps:
- Click the three dots in the upper right corner;
- Hover over Passwords and Autofill and choose Google Password Manager from the menu;
- In the tab that opens, choose Settings;
- Ensure the Offer to Save Passwords and Passkeys setting is turned on.
Google via Jacob Roach
Now, we need a website that supports passkeys. There are a handful of different directories online—Hanko’s directory is the easiest, but this community directory is more comprehensive. I’ll use Best Buy for this example, which supports passkeys.
To set up a passkey with Google Password Manager, you need your credentials for the service in question already stored. For Best Buy, go to the website and log in. When the Google Password Manager prompts you, choose to save your username and password in Google Password Manager.
With that done, follow these steps on the Best Buy website:
- Select the drop-down for your account name, and choose Account Settings;
- Under the Account Security box, choose Passkey (Face or Fingerprint Sign-In);
- Select Create a Passkey.
Google via Jacob Roach
Once you create a passkey, a pop-up will appear asking you to verify your identity with another device logged in to your Google account. If this is the first passkey you’re creating with Google Password Manager, you’ll also need to set up a PIN.
Every service is a bit different, but you need to initiate the passkey creation from the service you want a passkey for, not from Google Password Manager. Once the passkey is stored, you’ll see it alongside your normal login credentials in Google Password Manager.
Google via Jacob Roach
What to Do if You Lose Your Google Passkeys
There’s an obvious issue with passkeys, and that’s account recovery. Passkeys are tied to a particular device, so if that device is lost or stolen, you won’t be able to sign in to your account. There are two steps you need to take if you no longer have access to a device that holds your passkey.
First, you need to remove the passkey from that device. For your Google account, that’s simple enough:
- Go to myaccount.google.com;
- Select the Security tab from the left menu;
- Choose Passkeys and Security Keys under the How You Sign In To Google section;
- Remove the passkey you created;
- If you have a device-bound key, such as on an Android device, signing out of that device will remove the passkey. The link next to these devices will take you to the right page, but you can navigate to Your Devices in the Security section, as well.
Other websites that support passkeys allow you to remove them, as well. In our Best Buy example, for instance, you’ll find a Remove All Passkeys button in the same place you created the passkey. After that’s done, you can regenerate a passkey following the steps above on a new device you have access to. In the event you can’t access a new device, Google and other services that support passkeys have fallback options, including a recovery code or your standard password.
Why Passkeys Are Easier With a Password Manager
The problem with using your Google for passkey storage is, well, Google.
Apple, Microsoft, and Google have all been quick to adopt passkeys as an alternative form of authentication, and they’ve been just as quick to place restrictions on where you can and can’t save or use passkeys. It’s a mess. For instance, when you log in to iCloud, Apple says you can use a passkey but only with a device running iOS. Google automatically generated a passkey for my account when I recently switched my phone to the OnePlus 13R, and yet it doesn’t work, no matter how many QR codes I scan on a device that, supposedly, holds my Google passkey. Then there’s Windows and Microsoft. Those keys don’t even work across devices.
To avoid the platform-locked squabble of multibillion-dollar corporations, I recommend using a third-party password manager. Most of the best password managers come with passkey support, and you’ll be able to save and sync your passkeys across devices.
I use Proton Pass, but 1Password, NordPass, and others also support passkeys. You can save passkeys in Chromium-based browsers with your password manager’s extension, and both Android and iOS now allow third-party apps to store and manage passkeys.
There’s no nonsense about which devices support which passkeys, and you don’t need to tap dance around your devices just to save one. Most importantly, storing your passkeys in a password manager gives you flexibility. If you want to switch from Android to iPhone, or from macOS to Windows, or try out some new, hot browser, you can. Some services, such as Proton Pass, even allow you to share and export passkeys.
