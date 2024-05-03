



May 3, 2024Newsroom passwordless/encrypted

Google announced Thursday that passkeys are used in more than 400 million Google accounts and have authenticated users more than 1 billion times in the past two years.

“Passkeys are easy to use and phishing-proof, and are 50% faster than passwords because they rely solely on fingerprints, facial scans, and PIN numbers,” said Heather Adkins, vice president of security engineering at Google. .

The search giant noted that passkeys are often already used to authenticate Google accounts, rather than traditional forms of two-factor authentication that combine SMS one-time passwords (OTPs) and app-based OTPs. I am.

Additionally, the company announced that it is expanding its cross-account protection feature, which alerts you to suspicious events from third-party apps and services connected to your Google Account, to include more apps and services.

Google also plans to support the use of passkeys for high-risk users as part of the Advanced Protection Program (APP). This program aims to protect people from targeted attacks. This includes campaign workers, candidates, journalists, human rights defenders, etc.

Previously, APPs required you to use a hardware security key as a second factor, but now you can enroll using any passkey along with the hardware security key, or use the hardware security key as the only means of authentication. It will be available for use.

Google added passkeys to Chrome in December 2022 and has since rolled out a passwordless authentication solution by default to Google Accounts on all platforms.

Other notable companies that have adopted passkeys include 1Password, Amazon, Apple, Dashlane, Docusign, eBay, Kayak, Microsoft, PayPal, Shopify, Uber, and WhatsApp.

The development comes as Microsoft, which integrated passkeys into Windows 11 in September 2023, announced plans to support consumer account authentication standards using biometrics or device PINs across Windows, Google and Apple platforms. took place on the same day.

Passkeys work by creating a pair of encryption keys: a private key that is stored on your device and a public key that is shared with the app or website where the passkey is used.

“This key pair combination is unique, so the passkey only works with the website or app that created it, so you can't be tricked into signing into a similar malicious website,” Microsoft's Vasu Jakkal said. he said.

Passkeys can also be stored in third-party password management solutions like 1Password and Dashlane, giving users more control over where they're stored outside of Google Password Manager, iCloud Keychain, and Windows.

“A passkey can act as a first and second factor at the same time,” said Google product managers Sriram Karra and Christian Brand. “Creating a passkey for your security key allows you to bypass entering a password. This replaces the remotely stored password with his PIN used to unlock the security key, increasing your security. It will improve.”

However, concerns have also been raised that companies are using passkeys as a way to “bring users and viewers onto their platforms” and that “corporate interests are once again overriding a good user experience.”

“There is no better way to promote long-term lock-in of users than by locking all of their credentials into the platform. Even better, locking out the credentials that cannot be extracted or exported in any way. ” said William Brown, a software engineer involved in the development. webauthn-rs said.

Sources 1/ https://Google.com/ 2/ https://thehackernews.com/2024/05/google-announces-passkeys-adopted-by.html

