Google Workspace users can now log in without a password, thanks to passkeys

Enlarge (credit: Aurich Lawson | Getty Images)

Following up on Google’s rollout of passkey support for consumer Google accounts in May, Google has now extended password-less login to Google Workspace business accounts. Google calls the Workspace rollout an “Open Beta” and says “more than 9 million organizations can allow their users to sign in to Google Workspace and Google Cloud accounts using passkeys instead of passwords.”

If you have not heard, passkeys are a new password replacement, with backing from Google, Apple, and Microsoft. Instead of presenting a password text box when logging in, passkey support—which needs to be built into your browser and OS—would have your machine swap public-private keypairs with the website using the “WebAuthn” standard, and you’re logged in. Most Passkey implementations make a portable device, typically your phone, a requirement for logging in, even if you’re using a PC. Usually you’ll pull out your phone and unlock it, sort of like app-based 2FA or SMS.

The core concept is a reasonable evolution of the password. In the early days, passwords were supposed to be human-memorable, and you would manually type it into the text box. Then, password managers came along, and the best practice was generating a random string and pasting it into the website’s text box, as a sort of hack for the old “type it in” system. Passkeys remove the text box entirely, and the browser sends that “random string” without the human intermediary. Passkeys improve password security because you can never write them down, they can’t be reused across sites, and they are a lot harder to phish compared to passwords, because the browser decides which passkeys belong to which sites.