



As part of World Password Day (yes, that's a given), Google is touting its security achievements and sharing updates on its latest efforts. The company revealed its passkey adoption metrics for the first time, saying it has been used more than 1 billion times across 400 million Google accounts. “Since launch, Passkeys have proven to be faster than passwords, as users can log in by simply unlocking their device with their fingerprint, face scan, or PIN,” Google writes.

The company launched broad support for passkeys in 2022 and rolled it out across its services a year ago. In the past 12 months, the technology has been adopted by Amazon, 1Password, Dashlane, Docusign and more, joining companies like eBay, PayPal and WhatsApp. Google boasted that the technology made Kayak users sign in 50% faster and said Dashlane saw a 70% increase in conversions using passkeys.

Google will soon expand passkeys to users most at risk of targeted attacks as part of its Advanced Protection Program (APP). The company says the service is aimed at individuals, including campaign workers, candidates, journalists, human rights activists and others.

“Traditionally, APP registration required the use of a hardware security key as a second factor, but users will soon have the option to register using any passkey in addition to using a hardware security key. “Now you can,” Google writes. “This expanded passkey support helps reduce barriers to entry for APPs while providing phishing-resistant authentication… [and] It will come in a critical election year. ”

We also extend cross-account protection to protect users across multiple platforms. This system allows Google to share security notifications about suspicious events with non-Google apps and services. “This is a very important advantage, as cybercriminals often use the initial point of entry as a foothold to access more information.”

Google recommends creating a passkey for your account to take advantage of new protections. Until then, practice good password hygiene by using long passwords that include letters, numbers, and symbols, applying two-factor authentication (2FA), and never reusing passwords. According to HIPAA, an attacker could crack his simple 8-digit password in just 37 seconds, but it would take him 1.9 trillion digits to crack his 18-digit code, which combines numbers, uppercase letters, lowercase letters, and symbols. It takes years.

