Use a passkey to complete sensitive actions

Setting Up Your Google Ads Account Passkey

For subtitles in your language, turn on YouTube captions. Select the Settings icon Image of YouTube settings icon found in the video player, then select Subtitles/CC and choose your language.

Passkeys are a simple and secure alternative to passwords that can’t be shared, guessed, copied, written down, or accidentally given to someone else. Using a passkey helps your most critical account settings remain secure, reducing the risk of phishing and unauthorized access.

While all advertisers can set up a passkey to sign in to your Google Ads account, you may also be required to use a passkey to confirm your identity when completing sensitive actions like account linking updates or user access changes. You’ll be notified by email and in-product notification if this security feature in your account requires a passkey.

This article explains the requirements to use a passkey, how to set one up, and how to troubleshoot any issues with your passkeys.


On this page

Passkey setup requirements

You only need one eligible device like a personal smartphone to be passkey-ready for your entire account. You don’t have to enable it on every device you own. Your device must have a screen lock either through Face ID, Touch ID, or PIN to use a passkey. For enhanced security, we recommend setting up a passkey on each device you use to perform sensitive actions in your Google Ads account.

Supported devices

  • A computer that runs at least Windows 10, macOS Ventura, ChromeOS 109, or up
  • A phone that runs Android 9.0, iOS 16 or up
  • A hardware security key that supports the FIDO2 protocol. Most security keys on the market today are FIDO2 capable.
Autogenerated passkeys on Android can’t be used to verify sensitive actions on Google Ads at this time.

Supported browsers

  • Chrome 109 or up
  • Safari 16 or up
  • Edge 109 or up
  • Firefox 122 or up

Make sure your browser isn’t in Incognito or Private browsing mode, as this may block the setup of a new passkey.

Bluetooth connectivity

Bluetooth must be turned on for both the device performing the action and the device holding the passkey. Passkeys use Bluetooth to make sure your devices are physically near each other. For example, if you’re performing the action with your laptop, your phone that holds the passkey and your laptop must both have bluetooth turned on.

Devices should be within the bluetooth range of 1-2 meters (3-7 feet) of each other. You don’t need to "pair" the devices in your settings. Having bluetooth turned on for both devices will allow them to recognize each other.

Set up a passkey for your Google Ads account

To set up a passkey, you may need to sign in to your Google Account or verify your identity. To protect your account, don’t create a passkey on a shared device.

  1. Go to the Passkeys and security keys page in your Google Account settings. If you’re signed in to multiple Google accounts, make sure you’re accessing the settings for the account associated with your Google Ads account.
  2. Select Create a passkey.
  3. Create a passkey by following the steps provided by your device. These steps may include entering your pin or scanning your biometric.

New passkeys take about one to 2 days to pair with Ads. Try attempting this action again after this period.

Check the passkey setup status for users in your account

To check the status of passkey setup for users in your account:

  1. Go to Access and security in the Admin Admin Icon menu.
  2. Check the "Passkey status" column for details about each user in your account.

To filter users in your account based on their passkey setup status:

  1. Go to Access and security in the Admin Admin Icon menu.
  2. Select the Filter icon.
  3. Select Passkey Status.
  4. Select Enabled or Disabled to filter by status.

To check the status of your entire account tree, select Show users in full hierarchy.

Complete a sensitive action on a different device

If you need to complete a sensitive action on a different device than the one that holds your passkey, follow these steps.

  1. When you’re prompted to complete a "Confirm it’s you" challenge, select Use another device or A different phone/tablet to use your passkey
  2. A QR code will appear on the screen. Use your phone’s camera to scan the code.
  3. Your phone will prompt you to verify using your screen lock, such as Face ID or your PIN. After successful completion of this prompt, your original device will automatically refresh and authorize the action.
Note: If you have a physical security key, insert it while the QR code is displayed and follow the prompts to finish your verification.

Troubleshoot issues with passkeys

Use the troubleshooting steps below to fix any issues you may encounter setting up a passkey.

Issue Troubleshooting steps

I can’t create a passkey on my device.

Make sure your devices and browsers meet the Passkey setup requirements.

I received the error message "Something went wrong"

Make sure that your browser is updated to the latest available version.

I received the error message "Passkey not found"

This can be caused by removal of a passkey locally. You can resolve the issue by removing this passkey from your Google Account Security & sign-in settings.

I no longer have access to the original device used to create my passkey

Contact Google Support.

I received the message "Your Admin hasn’t enabled passkeys for sign-in"

This notification is shown as a warning banner at the top of your Google Security page. This doesn’t mean that you can’t use a passkey.

Under the notification, find and select Create a passkey. If you have a hardware security key, you can also select Use a security key and follow the instructions

After you select your preferred method, you’ll receive a prompt like "Use Windows Hello" or "Touch ID". Follow the provided steps to complete validation.

After you successfully complete the validation steps, your passkey will appear in the list and will be active for Google Ads, even if you still see the notification banner.

Passkey already exists

You may receive a message that a passkey already exists for your account or device. Review the "Passkeys you created" section of the Passkeys and security keys page in your Google Account to identify any devices or passkeys you no longer own or use.

If you’re on the correct device but the existing passkey isn't working, remove the current device's entry and select Create a passkey to fix your issue.

I’m being prompted to use the Google Authentication app to complete verification.

If you’re being prompted to complete verification using the Google Authentication app, you may not have enrolled in passkeys.

Check your passkey setup status to verify if you’ve already successfully enrolled a passkey in your Google Ads account.

  • If you haven’t set up a passkey, the system is prompting for "Google Authentication" as a fallback or a reminder to upgrade security factors. Go to Security within your account and create a passkey. This is the "strong factor" required to satisfy modern Google Ads security requirements.

  • If you’ve set up a passkey already, you may be using a new or unrecognized device or "Skip password when possible" is disabled in your account. To fix, go to Security and check that all "strong factors" are active.

Make sure that "Skip password when possible" is toggled on. If you’re on a new device, create a local passkey for that specific hardware to stop generic authentication prompts.

I've created a passkey, but the page keeps refreshing.

If you recently created a passkey and the page refreshes or loops when you try to use it, your account is likely in a standard security synchronization period. New passkeys may experience a temporary lag in functionality immediately after setup.

Please wait 48 hours before using your new passkey to authorize sensitive tasks, such as updating billing or user permissions. If you continue to experience issues after this period, you will be able to authenticate using an alternative method.

Frequently asked questions

Expand all Collapse all

Why aren’t passkeys compatible with shared agency logins?
A passkey is always personal. It is a unique cryptographic credential bound to an individual's specific device and biometric profile. It cannot be shared among a group.
Is the inability to share a passkey a technical limitation?
No. It is a security feature to correct incorrect identity use. Shared identities are disallowed and discouraged by policy as they create accountability gaps and increase phishing risks.
If I use an SSO platform like Okta, do I still need a Google passkey?
Yes. Only Google Ads passkeys are accepted for sensitive challenges in Ads. Your standard SSO login flow will not change, but you must add a Google passkey to your account to complete sensitive actions.
How should our agency structure account access?
Agencies should transition to individual user access. Invite each employee using their unique email address so they can secure their access with their own personal passkey.
When will I be required to use a passkey?

You may be prompted to use your passkey specifically for sensitive actions within Google Ads. Sensitive actions include adding new users or changing billing information, among others. This ensures that sensitive changes are verified by a physical, unphishable credential.

You can still choose to use your standard password and 2-Step Verification (2SV) methods to log into your account.

What happens if I don't have a passkey?
If a passkey isn’t created, you won’t be able to complete sensitive actions in the Google Ads account.
I have a passkey but can't complete the challenge. Why?
Passkeys are device-specific. You must have a passkey on the specific device you are currently using, or use the "Use another device" flow to verify via a mobile phone that holds the key.
Can I complete sensitive actions on an Android browser?
Currently, passkeys on Android browsers cannot complete sensitive challenges in Google Ads.
Why can't I perform actions immediately after setup?
New passkeys may be subject to a 7-day security delay. You should be able to complete actions using other authentication workflows.
After I set up a Google Ads passkey, am I forced to use it every time I log in?
No. Setting up a Google Ads passkey doesn’t mean it’s mandatory to use it for every login. You can still choose to use your standard password and 2-Step Verification (2SV) methods like SMS codes or App notifications as you normally would.
Can I switch back and forth between a passkey and my password?
Yes. On the sign-in screen, you can select Try another way to choose between your passkey or your traditional password and 2SV methods.
Can I turn off the default setting for Passkeys?

Yes, you can change the default passkey settings. However, if this setting remains enabled, the system will automatically prompt you to create or use a passkey during your next login.

You can turn off the "Passkey-first" experience by turning off the Skip password when possible toggle.

  1. Sign in to your Google Account.
  2. Select Security from the left-hand navigation menu.
  3. Toggle the Skip password when possible switch to Off in the "How you sign in to Google" section.

Note that for Cloud and Workspace users, only the IT Admin has the authority to change the default passkey settings for the organization.

I have a passkey enabled on one mobile device, but I still keep getting prompted to create another on others.
Passkeys are device-bound. Even if you have one set up on your mobile device, the system will prompt you to create a local passkey on your computer. We recommend that you create a passkey for each device you plan to use to complete sensitive actions in your Google Ads account. Please note that this is a recommendation only and you are not required to create one on every device, but doing so allows you to sign in using your computer's own security without needing your phone each time.
My company uses iCloud Keychain, can I opt-out of passkeys?
In general, passkeys can be used on their own, but can also be used as a 2-Factor-Authorization step. On Apple devices, passkeys are stowed in your iCloud Keychain for security and syncing. While passkeys are the recommended secure path, users can turn off the "skip password" default in their Google Security settings if they prefer, though passkeys are required to complete sensitive actions in your Google Ads account.

Related links

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
Contact us Tell us more and we’ll help you get there
false
Google Ads logo
Drive Revenue with Optiscore

Want to improve account health and drive business goals? Learn from industry & Google experts on how to drive revenue with the help of Optimization Score & Auto Apply Recommendations.

Register Now

Search
Clear search
Close search
Google apps
Main menu
11218649571887731851
true
Search Help Center
true
true
true
true
true
true
73067
false
false
true
true
false
false