Google Starts Allowing Users To Enroll In Its 'Advanced Protection Program' With Passkeys

Google

Billions of people around the world are Google users, and this poses a risk.

With millions of apps on Google's Play Store, millions of kilometers traveled by users while using Maps, hundreds of billions of emails received and sent through Gmail daily, and other outworldly numbers, pretty much everything is protected behind username and password combination.

What this means, anyone with their hands on the correct combination of others' login credentials, could have access and comprise those accounts.

This is why Google Accounts have become a prime target for bad actors and hackers.

Especially because users of Google are diverse, and can include journalists, elected officials, political campaign staff and human rights workers, and more.

Google has what it calls the 'Advanced Protection Program', which is available to those high-risk users. If offers the most secure option for accessing their Google Account.

But to have this privilege, those high-profile users have to have hardware security keys, and these physical keys are needed as the second-factor authentication method.

This is changing.

In a blog post, Google announced that users enrolling in the APP can use passkeys instead of hardware security keys and use them as an all-in-one login method without the need for separate 2FA credentials.

What this means, users can essentially use their phones as the second-factor authentication method.

Shuvo Chatterjee, the product lead of Google’s Advanced Protection Program, has confirmed that passkeys are now available as part of the APP enrolment process with immediate effect.

It's worth noting that users don’t need to be in a high-risk occupation to be targeted by hackers.

But by bringing APP to more users, Google can ensure that more people can benefit its strongest level protection, bringing extra safeguards to users against the most common of attacks that are often launched against high-risk Gmail users: phishing and malware.

The move eliminates the the financial burden of purchasing not one but two hardware security keys to use during the enrolment process has meant that many users have shied away from taking this next-level security step.

Google

"Passkeys give high-risk users the option to rely on the ease and security that comes with using personal devices they already own," Chatterjee said, "as opposed to another device or tool like a security key, for phishing-resistant authentication."

Passkeys are another way to authenticate yourself to a service, an easier and more secure method than passwords according to Google.

They are "phishing resistant so users are provided protection against things like fraudulent emails," Chatterjee explained, and come with that ease of use built-in as they rely on your facial scan, fingerprint or a PIN using a device, their smartphone for example, that users already own.

Importantly, as far as usability goes, passkeys are used without the need for a password by default, although they can be used as a second factor in combination with one if desired.

Unlike passwords, there is nothing to remember or type into your computer or mobile devices.

They are also said to be more secure as they are tied to users' device. Like their smartphone for example, should be the first thing that is the most commonly used by people, and that the keys are never stored on Google's servers where they might be susceptible to hacking or phishing attacks.

With the decision, Google can bring APP to move users, and APP enrollment using a passkey couldn’t be easier.

It's worth noting though, that although the passkey can used to replace both the password credentials and 2FA parts of login, Google does still require users to choose a recovery method should they need to regain access to their account.

This can be any way of a telephone number, email, address separate passkey or hardware keys.

A combination of these will be used in the process of regaining access to an account, which is necessarily tougher when part of the APP.

Published: 
11/07/2024