If you have your Google passkey or password stored in your device keychain, and someone has your device and knows your passcode, then they would be able to access your account.So I have just tried changing my Google account password, and this can be done with nothing more than the iPhone passcode once you have a passkey setup.
This basically means that your device passcode will become the key to many more kingdoms than just your iCloud account.
It's going to be more important than ever to protect your device passcode from prying eyes.
This is possible whether it’s a password or passkey.