Google marked World Password Day on May 7, 2026, with a detailed post on The Keyword outlining five security tools available to help users protect their Google Accounts and third-party apps. The post was authored by Sriram Karra, Group Product Manager for Google Identity and Engagement, and Claire Forszt, Product Manager for Google Identity and Engagement.
Passkeys: A Password-Free Sign-In Option
At the top of Google's list is passkeys, a sign-in method the company first introduced for Google Accounts on World Password Day in 2023. Passkeys replace traditional passwords by allowing users to authenticate using their device's built-in screen lock, including fingerprint recognition, face scan, or a PIN. Google describes passkeys as both easier to use and more secure than conventional multi-factor authentication methods, including one-time passwords. Crucially, the company confirmed that biometric data associated with passkeys is stored solely on the user's device and is never transmitted to Google.2-Step Verification as a Backup Safeguard
Google recommends pairing passkeys with 2-Step Verification (2SV). Even when passkeys are the primary sign-in method, 2SV provides an additional layer of protection in cases where someone attempts to claim a lost passkey and impersonate the account holder.Recovery Contacts: Regaining Access Through Trusted Individuals
One of the more notable tools highlighted is Recovery Contacts, which lets users designate up to 10 trusted contacts, such as friends or family members, to help verify their identity when they are locked out of their account. Should a lockout occur, Google sends the designated contact a prompt or email to assist in the sign-in process. Google specified that recovery contacts at no point gain access to the user's account or any personal information stored within it.Sign in with Google and Google Password Manager
For third-party apps and services, Google pointed to two additional tools. Sign in with Google lets users authenticate on external websites and apps using their Google Account, reducing the number of separate passwords they need to manage. This, Google noted, can also limit a user's exposure if another platform suffers a data breach.For platforms that do not support Sign in with Google, Google Password Manager offers an alternative. The tool can generate strong passwords, save them securely, and sync both passwords and passkeys across a user's devices, with autofill functionality for future sign-ins.
Google encouraged users to set up whichever combination of tools suits their needs, describing even small security changes made today as having meaningful long-term benefits for account protection.
I truly appreciate you spending your valuable time here. To help make this blog the best it can be, I would love your feedback on this post. Let me know in the comments: How could this article be better? Was it clear? Did it have the right amount of detail? Did you notice any errors?
If you found any of the articles helpful, please consider sharing it.