Google Passkey: Faster, Safer, and Now on 400M Accounts

Google has officially announced that its passwordless access technology, Passkey, is now utilized in over 400 million accounts, with the authentication process having been executed more than a billion times over the past two years.

Passkey technology is more resistant to phishing and significantly simplifies the login process as it requires just a fingerprint, facial scan, or PIN, making it 50% faster than using traditional passwords, according to Google’s Vice President of Engineering Security, Heather Adkins.

The company also noted that Passkey is now used more frequently for authentication in Google accounts than classic two-factor authentication methods such as OTP and TOTP.

Additionally, Google stated that it is expanding the scope of its Cross-Account Protection feature, which alerts users about suspicious activities with third-party apps and services linked to their Google account. Soon, even more apps and services will begin supporting this feature.

Google is expected to soon support the use of Passkey for users at high risk as part of its Advanced Protection Program, which is designed to protect users from targeted attacks, such as those that could easily target campaign workers, political figures, journalists, and human rights activists.

Previously, the program required the exclusive use of hardware security keys, but now Passkey can be used in conjunction with a hardware key or as the sole method of authentication.

Google added support for Passkey in the Chrome browser in December 2022 and has since implemented a solution for passwordless authentication in Google accounts across all platforms by default. Passkey has also been adopted by major companies such as 1Password, Amazon, Apple, Dashlane, Docusign, eBay, Kayak, Microsoft, PayPal, Shopify, Uber, and WhatsApp.

Passkey technology operates by creating a cryptographic key pair, where the private key is stored on the device, and the public key is transmitted to the application or website.

Passkey can also be stored in third-party password management solutions like 1Password and Dashlane, providing users with more control over where their credentials are stored.

Undoubtedly, Google’s Passkey technology represents a significant advancement in providing users with a more secure and convenient authentication experience. Moving away from traditional passwords not only protects against phishing attacks but also greatly simplifies the process of accessing accounts.

The widespread adoption of Passkey by major companies suggests the viability of this solution and its potential to become a new industry standard. However, it is important to remember that no technology is 100% secure, so it is crucial to continue improving data protection measures and raising user awareness of cyber threats.