A month ago, Google rolled out passkey support to consumer Google accounts. Today, it is extending this to business users, with the open beta launch of passkeys for Google Workspace and Cloud accounts.
Like almost every other major tech company, Google has been waging war against passwords for years. The promise of passkeys is that they are safer than passwords and multifactor authentication because instead of using an authentication code from an app or SMS, passkey users can simply use their phones, desktop or laptops to sign into websites and apps with the same logins they already use for their devices — be that a biometric login or a PIN code. Since users need to have physical access to these devices, it’s also less likely that an adversary will be able to gain access to them accidentally.
Passkeys, like physical security keys, also have the advantage of being resistant to phishing and indeed, the cryptographic protocols underlying the technology aren’t all that different from those of physical security keys.
Google’s own research has shown that using passkeys is twice as fast and four times less error-prone than passwords (no surprise there).
“Over the past decade Google has been at the forefront of the battle against phishing and password-related threats, including with our automated defenses powered by Google AI,” write Google Workspace product manager Jeroen Kemperman and Workspace engineering manager Shruti Kulkarni in today’s announcement. “We championed the development of physical security keys and their standardization under the FIDO Alliance. As generally a simpler and more secure alternative to passwords, passkeys represent the culmination of this work to bring phishing-resistant technology to billions of people worldwide.”
As is typical for these Workspace rollouts, Google is rolling this new feature out slowly. Over the course of the next few weeks, admins will get the ability to enable passkeys for their users and skip passwords at sign-in.