As your organization's administrator, you can allow users to skip password sign-in challenges and instead use a passkey that covers first and second-factor authentication. With passkeys, your users can sign in to their managed Google Account using their phone, a security key, or their computer’s screen lock.
About passkeys
- Authentication requires biometric authentication, such as a fingerprint or facial recognition, or a PIN or pattern on a device. The screen lock only unlocks the passkey locally and does not share biometric information with Google or other third parties.
- To allow users to skip passwords, you need to turn on skip passwords in the Google Admin console. Your users then need to turn on skip passwords and add a passkey to their account.
- Your users don’t need to be enrolled into 2-Step Verification to use passkeys to skip passwords at sign-in.
Advantages of passkeys
- Passkeys use phishing-resistant technology and are simpler and more secure than passwords.
- Users can use a familiar pattern to unlock their device.
- Platforms sync passkeys using Google Accounts.
- Instead of remembering passwords for different sites, users can use passkeys.
Turn skip passwords on or off for users
To allow users to skip password challenges and use a passkey, you need to turn on skip passwords. Then, tell users to turn on skip passwords and add a passkey to their account. If this setting is turned on for a user, they can no longer add a security key to their account.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu SecurityAuthenticationPasswordless.
- Click Skip passwords.
- If you want to allow users to skip password challenges, check the Allow users to skip passwords at sign-in by using passkeys box.
- Click Save.
- If you turned on skip passwords, users need to turn on skip passwords and add a passkey to their account. For the steps, go to Sign in with a passkey instead of a password.
If this setting is turned off after a user turned on skip password and added a passkey to their account, they will no longer be able to skip a password challenge. However, they can still be prompted for a passkey for second-factor authentication.