Google recently announced a significant milestone in cybersecurity, revealing that passkeys are now used by over 400 million Google accounts and have authenticated users more than one billion times over the past two years. Passkeys offer a more secure and user-friendly alternative to traditional passwords, primarily utilizing biometrics or PINs for authentication. According to Heather Adkins, Google’s vice president of security engineering, passkeys are not only phishing-resistant but also facilitate quicker access to accounts, being 50% faster than traditional password methods.
The adoption of passkeys has already surpassed traditional forms of two-factor authentication, such as SMS and app-based one-time passwords (OTPs), on Google Accounts. Google’s expansion of Cross-Account Protection, which monitors for suspicious activity involving third-party apps connected to a user’s Google account, is set to include more apps and services. This move is part of Google’s broader strategy to integrate passkeys into its Advanced Protection Program (APP), aiming to provide high-risk users, such as journalists and activists, with enhanced security measures.
In addition to protecting high-profile users, the integration of passkeys also simplifies the authentication process. Previously, the APP required hardware security keys as a second factor, but now it allows the option to use passkeys either in conjunction with or as a complete replacement for hardware keys. This flexibility helps cater to a broader range of user preferences and security needs, further bolstering the security infrastructure of user accounts.
Despite the benefits, some critics have raised concerns about passkeys potentially locking users into specific platforms, suggesting that this could be another way for companies to retain control over user data and preferences. This criticism highlights the delicate balance between enhancing security and maintaining user freedom. Nevertheless, the widespread adoption of passkeys by major companies like Microsoft, Apple, and others alongside Google underscores the growing consensus on the effectiveness of this technology in improving online security.
