Google has announced passkey support for passwordless access to Google accounts enrolled in the Advanced Protection Program (APP) across all its platforms. Passkey support will now allow Google account holders to sign into services and applications without entering a password or using two-step verification.
The Google Advanced Protection Program (APP) is a free service that protects the accounts of users at a higher risk of targeted online attacks, such as journalists, activists, politicians, or public figures. Google also states that anyone with “valuable files or sensitive information should consider Advanced Protection.”
Users traditionally needed a physical security key for APP—now they can choose a passkey to secure their account.
By enrolling your Google account in APP, the most significant visible change will be that your passkey or security key will be required when you sign in. However, many more protections will be enabled by default behind the scenes, such as advanced malware protection warnings before file attachment downloads and privacy settings.
Why a passkey is better than a physical security key
For years, two-factor authentication physical security keys such as Yubikeys have been a preferred security best practice. They force someone to know their credentials and tap a physical security key to prove that a human is trying to log in to the account. This helps mitigate phishing cyberattacks, where anyone could use stolen credentials anywhere.
But, users might not always have access to physical security keys or the ability to buy one. For example, this could be difficult for a journalist covering a war zone or a traveling professional.
Passkeys give high-risk users the option to rely on the ease and security that come with using personal devices they already own, as opposed to another device or tool like a security key, for phishing-resistant authentication.
The end of the password?
The move is a massive step forward in what Google hopes is the beginning of the end of passwords. Passwords have become rampant targets for hackers and nefarious actors and have been a fundamental weakness in cybersecurity for decades.
Google’s announcement today expands passkey support across all Google accounts. Passkeys are now supported on consumer Google, enterprise Workspace, and Advanced Protection Program accounts. It also aims to raise adoption across the consumer sector for zero trust cybersecurity principles.
