Goodbye Password: Google Takes Account Security to the Next Level with Passkey

Goodbye Password: Google Takes Account Security to the Next Level with Passkey

Google has announced a significant update to its Advanced Protection Program (APP), allowing high-risk users to leverage Passkey technology for account security. Previously, participation in the APP required physical security keys, but now users can protect their accounts with a virtual key, known as a Passkey.

What is Google Passkey?

Passkey is considered a more secure and phishing-resistant option than traditional passwords. Based on the FIDO (Fast IDentity Online) authentication standard, Passkey replaces passwords with biometrics or PINs, offering a seamless yet secure login experience. This technology can serve as both the primary and secondary authentication factor, effectively eliminating the need for passwords altogether.

In May, Google reported that over 400 million accounts now use Passkey. High-risk users such as journalists, government officials, political campaigners, human rights activists, and business leaders can now authenticate themselves using this advanced method. Passkeys provide:

  • Choice: Passkeys can be created on personal devices such as phones and laptops, as well as on modern physical security keys.
  • Convenience: Passkeys are more user-friendly than traditional passwords because they eliminate the need to remember or type them every time you log in.
  • Security: Passkeys offer superior security compared to traditional passwords and existing multi-factor authentication methods because they are tied to your device and are not stored on servers, making them less susceptible to phishing attacks.

Upon registration, users are required to add recovery options such as a phone number, email address, or another Passkey. This step helps restore access to an account if it is blocked but also presents a potential loophole. Hackers could exploit these less secure authorization options using recently reported AiTM (Adversary-in-the-Middle) techniques.

How to Use Passkey to Protect Your Google Account

To start using Passkey for your Google account, ensure you have a compatible device and browser. Then follow these steps:

  1. Visit the Advanced Protection Program enrollment page.
  2. Click on "Start."
  3. Follow the on-screen instructions to complete the setup process.
Google Passkey
© Google

Google also announced a partnership with Internews to support the security of journalists and human rights activists in 10 countries across Asia, Latin America, and Europe. This initiative aims to provide these high-risk groups with enhanced security tools and training.

Additionally, Google is expanding its darknet reporting feature to all users with a Google Account. Previously available only to Google One subscribers, this feature allows users to check if their data has been compromised on the dark web. This expansion makes it accessible to everyone, further enhancing user security.

Google's introduction of Passkey technology in its Advanced Protection Program is a game-changer for account security. By eliminating the need for traditional passwords and offering a more secure and convenient authentication method, Google is leading the way in protecting users from online threats. Whether you're a high-risk user or an everyday internet user, Passkey offers a promising solution for keeping your accounts safe.