Over 400 Million Google Accounts Have Used Passkeys



Google is kicking off World Password Day by updating us on its efforts to replace the often hacked, guessed, and stolen form of authentication with passkeys. Their password less approach relies on device-based authentication instead, making logging in faster and more secure, The Verge reported.

In a blog post on Thursday, the company announced that over 400 million Google accounts (of the at least 1.5 billion reported since 2018) have used passkeys since rolling them out, logging over a billion authentications between them. The majority of users find them easier to use than passwords, according to Google, adding that “since launching, passkeys have proven to be faster than passwords, since they only require users to simply unlock their device using a fingerprint, face scan or pin to log in.”

Google posted: “Passkeys, Cross-Account Protection and new ways we’re protecting your accounts”

Expanding Cross-Account Protection

We’re expanding Cross-Account Protection – our program for sharing security notifications, in a privacy-preserving way, other companies that run the non-Google apps and services you use. This helps prevent cybercriminals from gaining a foothold in one of your accounts and using it to infiltrate others.

We are currently protecting 2.4 billion accounts across 3.4 million apps and sites, and are growing our collaborations across the industry to keep billions of users safer online. It’s built on the Shared Signals Framework, which we helped create and launch in 2019, and in the coming year, we’re expanding our partnerships and support for this program. Stay tuned for which of your favorite apps and services begin using Cross-Account Protection.

Passkeys reaches a milestone – and what’s next

In less than a year, passkeys have been used to authenticate people more than 1 billion times across over 400 million Google Accounts. Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan, or a pin making them 50% faster than passwords. In fact, on a daily basis passkeys are already used for authentication on Google Accounts more often than legacy forms of 2SV, such as SMS one-time passwords (OTPs) and app based OTPs (such as Authenticator apps) combined.

Passkeys for high risk users. We’ll soon support the use of passkeys to enroll in our strongest security offering, the Advanced Protection Program (APP). APP safeguards users who are at the highest risk of targeted attacks including campaign workers and candidates, journalists, human rights workers and more. APP traditionally required using hardware security keys as a second factor; but soon users can enroll in APP with any passkey in addition to their hardware or security keys; or use their passkeys as a sole factor or along with a password;

In a critical election year, we’ll be bringing this feature to our users who need it most, and continue to work with experts like Defending Digital Campaigns, the International Foundations for Electoral Systems, Asia Centre, Inernews, and Possible to help protect global high risk users.

More choice in where you store passkeys.

We are pleased to see independent password manager vendors such a 1Password and Dashlane, now leveraging the passkeys management APIs on Android and other operating systems. This important milestone, together with the ability to store passkeys on security keys, will give users more control.

In my opinion, it is going to take some time for Google to convince people who use passwords to switch over to passkeys. For years, we’ve been using self-selected passwords to access our favorite websites.