OK, there is this new idea of a passkey that is rolling out and you can look here to see if a site supports it, but the big ones are amazon.com, Best Buy, Google, GitHub, eBay, Instacart, PayPal, Shopify, Tailscale, Synology, Uber. The idea is pretty simple, just as you can FaceID unlock your phone or TouchID your Mac, you can do the same when you login to websites. It is pretty tricky to get this running though, so here's a guide assuming you are using 1Password to store your credentials.
The Easy Way for Google: To avoid 2FA on Macs with 1Password
This assumes you are using Google Workspace so have to enable the beta, then you add the passkey to your 1Password vault:
- Enable Google Workspace Passkey. The trick here is you don't get this as part of your usual login. Instead, you first have to enable Passwordless Beta if you are using Google Workspace, this is in Admin > Security > Authentication > Passwordless and click yes.
- Google.com Passkey. Start with 1Password and you just go to an entry and at the top, it will say, "Passkey available", you just click on the button and it will take you to the right location and hit "Get passkeys". This will take you to a Google authentication screen (at g.co/passkeys), so log in and then choose "create passkey". YOu have to do this for all your Macs and it will say something into 1Password.
- YOu have to do this for each Google identity that you have you can select the identity you want to save and it will add it to 1Password
- You can test way, when you login to a computer, you will get a QR code and you use your phone to validate and then you can create a local passkey on your machine. Every piece of hardware has a different passcode.
- So logout of the Google account in your browser, when you log back in again, it will ask for a password and then ask if you want to use a passkey and then you don't need a second factor. Note you still need your password, the passkey thing justs saves 2FA
Amazon: Stores the passkey in their cloud
Then there is Amazon which is different, the passkey is stored in their cloud.
- Again you can go to 1Password or here to Your Account > Login & Security > Passkey > Set up
- Then you will get asked to sign in. Notice This is way simpler than the Google case, Amazon just asks for your biometric and you are done for that device
- If you have 2FA on you will still need your second factor six-digit code.
You can also use Apple as a password manager, so in Settings > Passwords, you will get passkeys