Tag Archives: passkeys

Over 400 Million Google Accounts Have Used Passkeys

Google is kicking off World Password Day by updating us on its efforts to replace the often hacked, guessed, and stolen form of authentication with passkeys. Their password less approach relies on device-based authentication instead, making logging in faster and more secure, The Verge reported.

In a blog post on Thursday, the company announced that over 400 million Google accounts (of the at least 1.5 billion reported since 2018) have used passkeys since rolling them out, logging over a billion authentications between them. The majority of users find them easier to use than passwords, according to Google, adding that “since launching, passkeys have proven to be faster than passwords, since they only require users to simply unlock their device using a fingerprint, face scan or pin to log in.”

Google posted: “Passkeys, Cross-Account Protection and new ways we’re protecting your accounts”

Expanding Cross-Account Protection

We’re expanding Cross-Account Protection – our program for sharing security notifications, in a privacy-preserving way, other companies that run the non-Google apps and services you use. This helps prevent cybercriminals from gaining a foothold in one of your accounts and using it to infiltrate others.

We are currently protecting 2.4 billion accounts across 3.4 million apps and sites, and are growing our collaborations across the industry to keep billions of users safer online. It’s built on the Shared Signals Framework, which we helped create and launch in 2019, and in the coming year, we’re expanding our partnerships and support for this program. Stay tuned for which of your favorite apps and services begin using Cross-Account Protection.

Passkeys reaches a milestone – and what’s next

In less than a year, passkeys have been used to authenticate people more than 1 billion times across over 400 million Google Accounts. Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan, or a pin making them 50% faster than passwords. In fact, on a daily basis passkeys are already used for authentication on Google Accounts more often than legacy forms of 2SV, such as SMS one-time passwords (OTPs) and app based OTPs (such as Authenticator apps) combined.

Passkeys for high risk users. We’ll soon support the use of passkeys to enroll in our strongest security offering, the Advanced Protection Program (APP). APP safeguards users who are at the highest risk of targeted attacks including campaign workers and candidates, journalists, human rights workers and more. APP traditionally required using hardware security keys as a second factor; but soon users can enroll in APP with any passkey in addition to their hardware or security keys; or use their passkeys as a sole factor or along with a password;

In a critical election year, we’ll be bringing this feature to our users who need it most, and continue to work with experts like Defending Digital Campaigns, the International Foundations for Electoral Systems, Asia Centre, Inernews, and Possible to help protect global high risk users.

More choice in where you store passkeys.

We are pleased to see independent password manager vendors such a 1Password and Dashlane, now leveraging the passkeys management APIs on Android and other operating systems. This important milestone, together with the ability to store passkeys on security keys, will give users more control.

In my opinion, it is going to take some time for Google to convince people who use passwords to switch over to passkeys. For years, we’ve been using self-selected passwords to access our favorite websites.

Google Wants Users To Switch From Passwords To Passkeys

Google posted on The Keyword titled: “”Passwordless by default: Make the switch to passkeys” It was written by Siram Karra and Christiaan Brand.

Earlier this year, we rolled out support for passkeys, a simpler and more secure way to sign into your accounts online. We’ve received really positive feedback from our users, so today (October 10) we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts.

This means the next time you sign into your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the “Skip password when possible” option toggled on in your Google Account settings.

To use passkeys, you just use a fingerprint, face scan or pin to unlock your device, and they are 40% faster than passwords – and rely on a type of cryptography that makes them more secure. But while they’re a bit step forward, we know that new technologies take time to catch on – so passwords may be around for a little while. That’s why people will still be given the option to use a password to sign in and may opt-out of passkeys by turning off “Skip password when possible.”

We found that one of the most immediate benefits of passkeys is that they spare people the headache of remembering all those numbers and special characters in passwords. They’re also phishing resistant.

TechCrunch reported that Google has announced that passkeys, touted by the tech giant as the “beginning of the end” for passwords, are becoming the default sign-in method for all users.

Passkeys are a phishing-resistant alternative to passwords that allow users to sign into accounts using the same biometrics or PINs they use to unlock their devices, or with a physical security key. This removes the need for users to rely on the traditional username-password combination, which has long been susceptible to phishing, credential stuffing attacks, keylogger malware, or simply being forgotten.

According to TechCrunch, while security technologies multi-factor authentication and password managers add an extra layer of security to password-protected accounts, they are not without flaws. Authentication codes sent via text messages can be intercepted by attackers, for example, and password managers can (and have been) hacked.

Passkeys, on the other hand, are made of two parts: one part is left on the app or website’s server, and the other is stored on your device, which allows you to prove that you are the legitimate owner of the account. This also makes it near-impossible for hackers to remotely access your account, given that the physical access to a user’s device is needed, even in the event of a server breach.

9To5 Google reported that after launching in May, Google will soon actively encourage users to set up passkeys for their Gmail, YouTube, and other first-party accounts,

With passkeys, signing in to your Google Account just involves entering a username and then using your phone or computers existing password (PIN code, fingerprint, face, etc.) to confirm the attempt.

As part of this launch, users can still just use their password over passkeys by turning off the “Skip password when possible” option. If a device is lost, you can revoke Google Account passkeys in settings.

Since launch, Google has found that “over 64% of our users find passkeys to be easier to use compared to traditional methods like passwords and 2-step Verification (2SV).” People also think passkeys are easier because the sign-in process is said to be 40% faster than passwords.”

In my opinion, passkeys will probably be easier for most people to use, compared to remembering what your Gmail or YouTube password was. I think passkeys should prevent someone taking over your Gmail or YouTube channel because they can’t replicate your fingerprint.