The password alternatives known as “passkeys” are now available to users of Google’s Advanced Protection Program (APP), providing an extra layer of security for those at risk of targeted digital attacks. Google has supported passkeys for regular individual accounts for over a year and made them the default login option in October. However, Google waited to introduce passkeys to APP users until it was confident the community was ready.
APP users often hold public-facing roles or engage in controversial work. While anyone can enroll in APP for free, it requires strict multi-factor authentication, previously involving hardware tokens. With the introduction of passkeys, APP project manager Shuvo Chatterjee highlights that APP’s security benefits will now be more accessible globally.
“Security keys are incredibly strong and un-phishable,” Chatterjee told Truth Voices before today’s announcement. “But they are still physical items that people need to carry. They can be lost and are costly. We frequently get requests for security measures that are equally robust but more convenient. Passkeys fit the threat profile our high-risk users face.”
With the rise of digital crime and online fraud, tech companies have intensified efforts to secure accounts and promote passkeys, a cryptographic authentication system, as a secure alternative to passwords. Passkeys are stored locally on devices or on hardware tokens supporting the FIDO2 protocol, protected by a fingerprint, face scan, or pin. Advanced Protection will continue to offer the option of traditional two-factor authentication, with the hardware token as the second factor.