Google recently rolled out passkeys for Gmail, which lets you log in using a smartphone or computer without typing in the actual password. It’s a great way to improve Gmail security, but passkeys alone do not kill the password. And you still need a very strong, preferably unique, password to protect that Gmail account in the first place.
With that in mind, you’ll want to ensure that your Gmail and Google accounts are secure before you even think about using passkeys.
What’s the difference between Gmail and your Google Account?
If you have a Gmail address, the same username/password combination gives you access to the various apps available via a Google Account. That includes YouTube, Google Maps, Google News, Google Photos, Google Meet, Google Drive, Google Calendar, and many others.
Put differently, your Gmail account is a part of your Google Account.
But you’ll likely spend more time signing in to Gmail than any other Google app or service. That’s why Gmail security is critical. Anyone that manages to steal the username and password you use for Gmail can get into the account. And that can happen even after you set up passkeys for your devices. The password won’t just disappear.
With that in mind, you should ensure your Google account is secure before setting up passkeys. Once that’s done, Gmail will be secure. As will all the Google apps you use with the same Google account
How to perform a Google account Security Checkup
While you’re logged into your Gmail account, go to https://myaccount.google.com/ on your PC to start a Security Checkup. This is a procedure that Google might push you to perform occasionally. You should still take the Security Checkup even if Google doesn’t insist.
Look for a menu that says You have security tips or Your account is protected. If the former menu appears in your Google account, then Google thinks you have to take action to protect your Gmail/Google account.
The Security Checkup will contain different boxes that manage aspects of your Gmail security. Here, Google will provide suggestions on best practices or show a green tick next to menus.
Here’s what each of these menus does:
- Sign-in & recovery – lets you set up a recovery email, phone number, security question, and trusted mobile device
- Safe Browsing – enables Safe Browsing o your account to enhance your security online
- Your Devices – shows all devices logged into your Gmail account. You can remove any unknown gadgets from here.
- Recent security activity – provides notifications about strange sign-in events Google might have detected
- Gmail settings – you’ll find specific Gmail settings in here, like setting up outgoing emails to be sent from other email addresses
You should check each of them and ensure they’re in good standing.
How to perform a Google account Privacy Checkup
Tap Continue to your Google Account to return to your Google account. While you’re here, you’ll also want to give your Gmail/Google account privacy a checkup.
Tap on the Privacy & personalization menu to ensure you can get the best privacy settings inside your Google account. Here are the menus that you should check out and what they do:
- History Settings – prevent Google from collecting Web & App Activity, Location History, and YouTube History
- Personalized ads – you can turn off personalized ads
- Personal results in Search – decide whether Google shows you personal results in search based on your Google account
- Google Fit privacy – the menu manages data from wearable devices
- Info you can share with others – lets you control information that you might be sharing with others, like location information
- Data from apps and services you use – the menu shows content and preferences related to the Google account products you use with third-party apps that might have access to your account
You’ll want to spend a few minutes on each menu and make the Gmail/Google account privacy tweaks that best serve your needs. This is really where you’ll find all the privacy settings that matter.
Back to the Google Account home page, you will see a different menu for Privacy Checkup. Click on that too, but you’ll see the checkup menu takes you through some of the settings you’ve managed in the Privacy & personalization menu above. The checkup double-checks that you’ve gone through everything, so it’s a good idea to take it. Google might provide suggestions, as seen above.
Don’t forget to change your Gmail password
Once you’re done with the security and privacy checkups above, you might want to consider changing your Gmail password before enabling passkeys. That’s especially if you have a weak password for your Google account. Or if you use the same password elsewhere.
You’ll see a menu on the left of your Google account home page. Click on Personal Info and scroll to Password. That’s where you can change your password whenever you think it’s necessary. This is also the place where you’ll be able to set up 2-Step Verification for your Gmail/Google account.
I’d advise using a password manager on your computers and smartphones, like 1Password. When you change your Gmail password, make sure to update your password manager as well.
Enable passkeys for Gmail
Finally, the same Security menu lets you enable passkeys, as seen in the image above. You’ll be able to set a different passkey for each device you use to log into your Gmail/Google account.
Once you set them up, you’ll be using biometrics like a fingerprint on Android or Face ID on iPhone to log into your now-secure Gmail/Google account.
Finally, head to your Gmail account and look at the settings menu for additional Gmail-specific settings.