Google announced today that passkeys are now available for high-risk users when enrolling in the Advanced Protection Program, which provides the strongest level of account security.
The Advanced Protection Program is a free service that protects the accounts of users such as activists, journalists, business leaders, and political teams, who are at a higher risk of being targeted by online attacks.
It blocks unauthorized access to APP-enrolled users’ accounts and adds enhanced protection against Google account phishing attacks, malicious apps, and data theft attempts.
Passkeys are tied to a specific device, such as a computer, tablet, or smartphone, and they work locally, offering a more secure alternative to traditional passwords and significantly reducing the risk of data breaches.
They also allow access to websites, online services, and apps using biometric sensors like fingerprint scanners and facial recognition, PINs, hardware security keys, or screen lock patterns. You can create a passkey using your device right now by going here, signing into your Google account, and clicking the “Get passkeys” button.
“Traditionally, users were required to have two physical security keys to enroll in APP, using their password and one of the security keys to log in. However, we understand that users might not always have access to physical security keys or the ability to buy one,” said Shuvo Chatterjee, Product Lead of Google’s Advanced Protection Program.
“Passkeys give high risk users the option to rely on the ease and security that comes with using personal devices they already own, as opposed to another device or tool like a security key, for phishing resistant authentication.”
High-risk users need a compatible device and browser to enroll in the Advanced Protection Program using a passkey. Next, they have to go through the following steps:
- Visit the Advanced Protection Program enrollment page.
- Click on “Get started.”
- Follow the on-screen instructions to complete the enrollment process. You can enroll with a passkey or a physical security key.
Google will also require a recovery option during AAP enrollment, such as a phone number and email or another passkey/security key, to ensure that users can regain access to their accounts if they are locked out.
In October, Google made passkeys the default sign-in method for all personal accounts across its services and platforms.
The company also introduced support for passwordless sign-in on all Google accounts in May 2023, and it added passkey support to its Chrome web browser and the Android operating system in October 2022.
Source: www.bleepingcomputer.com