 Passwords have been around for a long time, but they're a pain for your users and the liability for you as a developer. Strong passwords are difficult to remember, so many people don't bother creating strong passwords, or they reuse the same password for everything. Password managers help here. Google password manager, for example, generates a strong password, auto-fills it to the right domains and apps, and synchronizes it across devices. The reality is, not all users rely on password managers. On top of that, passwords are just not very secure. Two-factor authentication does improve security, but it adds extra steps for users and costs you money. But it doesn't have to be like that. You can start the journey away from passwords and make your users' digital lives easier and more secure with pass keys. Pass keys are a simple and secure cross-device authentication technology that enables creating online accounts and signing into them without entering a password. On sites and apps that implement pass keys, the browser or operating system shows users a prompt to create a pass key. Users only need to use the screen lock on their device, such as touching the fingerprint sensor to continue. There is no need to type or remember anything. Then, to log into an account, users have simply shown a prompt to unlock their device. Sites that have implemented pass keys are seeing the number of benefits, such as power login success rates, reduced drop-off rates, increased conversion rates, and reduced costs of separate two-factor authentication solutions. Signing in with pass keys provides strong protection against phishing and data breaches, two of the biggest security threats that passwords fail to prevent. Pass keys work with public key cryptography. A pass key is a private key stored securely on the device. It's created when using the screen lock functionality, fingerprint, facial recognition, pen, or pattern. The matching public key is stored on the server. Because no secret is stored on the server, pass keys are not vulnerable to server breaches like passwords are. Each pass key can only be used for the same service it's created on, so users can be attracted to using their pass key to sign in to a sketchy app or website. Since logging in to a site or an app is done by using the screen lock, a pass key replaces a password and a second factor in a single step. Pass keys already work on most browsers and operating systems. When a user creates a pass key for a website on their phone, the phone's credential provider can back it up and synchronize to other devices. For example, if a user sets up a new Android device with the same Google account, Google password manager will have all their pass keys ready to use. Pass keys can also be used on devices they are not synchronized to through the hybrid protocol. For example, a user can use a pass key on their Android phone to log into a website on their friend's macOS computer by scanning a pass key QR code. To prevent remote attacks, the two devices will connect to each other locally, ensuring that they are physically close. We are well on the way to a passwordless future. By implementing pass keys today, you get better security, a better user experience and happier users. For more details on pass keys and how to implement them, check out our documentation.