Connect with us

Tech

Google Adds Passkeys to its Advanced Protection Program

Published

on

Google Adds Passkeys to its Advanced Protection Program

Google today updated its Advanced Protection Program (APP) for Google accounts, giving high-risk users its strongest security protections yet. APP is designed for journalists, elected officials, political campaign staff, human rights workers, and others at high risk of cyber-attacks, and it offers additional safeguards against phishing attacks, malware, and account fraud.

APP is more secure, but it’s also less convenient. To date, the program has required that participants use two physical security keys to ensure their accounts are protected. But that’s changing.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott’s Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

*” indicates required fields

“Today, we’re making it even easier for high-risk users to enroll and use the program by making passkeys available in APP,” Google’s Shuvo Chatterjee and Grace Hoyt write in the announcement post. “Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account.”

As Google explains, passkeys are easier to use and much more secure than passwords because they rely on a fingerprint, face scan, or PIN and require on-device hardware-based security features. Passkeys are created on phones, tablets, and PCs, and they’re designed to be passwordless—to not require a password—by default. (They can be set up on accounts that already have passwords, too, of course.) Passkeys are also more secure than legacy forms of multifactor authentication (MFA), especially those based on text messages, because they are tied to a device (a thing you have with its own hardware-based security protections) and aren’t stored in the cloud or susceptible to phishing attacks.

With APP, Google has required users to have two security keys before they can enroll in the program, and then they would use their password and one security to authenticate. But physical security keys have all kinds of obvious problems—”this could be difficult for a journalist covering a war zone or a traveling campaign worker,” Google notes—and so passkeys will make life easier: Now, APP users can use passkeys stored personal devices they already own instead of a security key when they need to authenticate.

You can learn more—and enroll in the program—on the Google Advanced Protection Program website.

Continue Reading