As your organization's administrator, you can allow users to skip password sign-in challenges and instead use a passkey that covers first and second-factor authentication. With passkeys, your users can sign in to their managed Google Account using their phone, a security key, or their computer’s screen lock.
Passkeys are a simple and secure alternative to passwords. With a passkey, you can sign in to your Google Account with your fingerprint, face scan, or device screen lock, like a PIN.
Passkeys provide the strongest protection against threats like phishing. Once you create a passkey, you can use it to easily sign in to your Google Account, as well as some third-party apps or services, and to verify it's you when you make sensitive changes.
Important:
- If your account has 2-Step Verification or is enrolled in the Advanced Protection Program, a passkey bypasses your second authentication step, since this verifies that you have possession of your device.
- Your biometric data, used for fingerprint or face unlock, stays on your device and is never shared with Google.
Turn skip passwords on or off for users
To allow users to skip password challenges and use a passkey, you need to turn on skip passwords. Then, tell users that they need to turn on skip passwords and add a passkey to their account.
-
Sign in to your Google Admin console.Sign in using an administrator / super admin account.
-
In the Admin console, go to Menu
Security
Authentication
- Click Skip passwords.
- If you want to allow users to skip password challenges, check the Allow users to skip passwords at sign-in by using passkeys box.
- Click Save.
If this setting is turned off after a user turned on skip password and added a passkey to their account, they will no longer be able to skip a password challenge. However, they can still be prompted for a passkey for second-factor authentication.
Check what you need to create a passkey
You can create passkeys on these devices:
- A laptop or desktop that runs at least Windows 10, macOS Ventura, or ChromeOS 109
- A mobile device that runs at least iOS 16 or Android 9
- A hardware security key that supports the FIDO2 protocol
Your computer or mobile device also needs a supported browser like:
- Chrome 109 or up
- Safari 16 or up
- Edge 109 or up
To create and use a passkey, you must enable the following:
- Screen lock
- Bluetooth
- This applies if you want to use a passkey on a phone to sign in to another computer.
- For iOS or macOS: You must enable iCloud Keychain.
- When you set up a passkey on your Apple device, it prompts you to enable your iCloud Keychain if not set up already.
Tip: To ensure the best passkeys experience, make sure your operating system and browser are up to date.
Based on your operating system and browser, you may not be able to create or use passkeys while in Incognito mode.
Advantages of passkeys
- Passkeys use phishing-resistant technology and are simpler and more secure than passwords.
- Users can use a familiar pattern to unlock their device.
- Platforms sync passkeys using Google Accounts.
- Instead of remembering passwords for different sites, users can use passkeys.
