Allow users to skip passwords at sign-in (beta)

As your organization's administrator, you can allow users to skip password sign-in challenges and instead use a passkey that covers first and second-factor authentication. With passkeys, your users can sign in to their managed Google Account using their phone, a security key, or their computer’s screen lock.

About passkeys

  • Authentication requires biometric authentication, such as a fingerprint or facial recognition, or a PIN or pattern on a device. The screen lock only unlocks the passkey locally and does not share biometric information with Google or other third parties.
  • To allow users to skip passwords, you need to turn on skip passwords in the Google Admin console. Your users then need to turn on skip passwords and add a passkey to their account.
  • Your users don’t need to be enrolled into 2-Step Verification (2SV) to use passkeys to skip passwords at sign-in. 

Advantages of passkeys

  • Passkeys use phishing-resistant technology and are simpler and more secure than passwords.
  • Users can use a familiar pattern to unlock their device.
  • Platforms sync passkeys using Google Accounts. 
  • Instead of remembering passwords for different sites, users can use passkeys.

Turn skip passwords on or off for users

To allow users to skip password challenges and use a passkey, you need to turn on skip passwords. Then, tell users to turn on skip passwords and add a passkey to their account. If this setting is turned on for a user, they can no longer add a security key to their account.

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2.  Go to Menu and then Security > Authentication > Passwordless.

    Requires having the Security settings administrator privilege.

  3. Click Skip passwords.
  4. If you want to allow users to skip password challenges, check the Allow users to skip passwords at sign-in by using passkeys box.
  5. Click Save.
  6. If you turned on skip passwords, users need to turn on skip passwords and add a passkey to their account. For the steps, go to Sign in with a passkey instead of a password.

If this setting is turned off after a user turned on skip password and added a passkey to their account, they will no longer be able to skip a password challenge. However, they can still be prompted for a passkey for second-factor authentication.

Monitor passkey usage

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Standard and Education Plus; Enterprise Essentials Plus; Cloud Identity Premium. Compare your edition

Use the security investigation tool (SIT) to find the number of users who enrolled a passkey, used passkeys to skip passwords at sign-in, and used passkeys as a second step for 2SV.

Users who enrolled a passkey

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Security > Security center > Investigation tool.

    Requires having the Security center administrator privilege.

  3. From the Data source menu, select User log events.
  4. Click Add condition.
  5. From the Attribute menu, select Event, and ensure that the condition is set to Is (the default).
  6. From the Event menu, select Passkey enrolled
  7. Click Group results
  8. From the Attribute menu, select User.
  9. Click Search.
    The result contains the number of users who enrolled a passkey at least once.

Users who used passkeys to skip passwords at sign-in

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Security > Security center > Investigation tool.

    Requires having the Security center administrator privilege.

  3. From the Data source menu, select User log events.
  4. Click Add condition.
  5. From the Attribute menu, select Challenge type, and ensure that the condition is set to Is (the default).
  6. From the Challenge type menu, select Passkey.
  7. Click Add condition to add another condition, and ensure that the operator is set to AND (the default).
  8. From the Attribute menu, select Event, and ensure that the condition is set to Is (the default).
  9. From the Event menu, select Successful login.  
  10. Click Group results
  11. From the Attribute menu, select User.
  12. Click Search.
    The result contains the number of users who used passkeys to skip passwords at sign-in.

Users who used a passkey as a second step for 2SV

  1. Sign in with an administrator account to the Google Admin console.

    If you aren’t using an administrator account, you can’t access the Admin console.

  2. Go to Menu and then Security > Security center > Investigation tool.

    Requires having the Security center administrator privilege.

  3. From the Data source menu, select User log events.
  4. Click Add condition.
  5. From the Attribute menu, select Challenge type, and ensure that the condition is set to Is (the default).
  6. From the Challenge type menu, select Passkey.
  7. Click Add condition to add another condition, and ensure that the operator is set to AND (the default).
  8. From the Attribute menu, select Event, and ensure that the condition is set to Is (the default).
  9. From the Event menu, select Login verification.  
  10. Click Group results
  11. From the Attribute menu, select User.
  12. Click Search.
    The result contains the number of users who used a passkey as a second step for 2SV.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
true
Start your free 14-day trial today

Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.

Search
Clear search
Close search
Google apps
Main menu
11835013868261777685
true
Search Help Center
true
true
true
true
true
73010
false
false
false