Google is kicking off World Password Day by informing us of its efforts to replace the oft-hacked, guessed and stolen form of authentication with passkeys. Their passwordless approach relies instead on device-based authentication, making login faster and more secure.
In a blog post on Thursday, the company said that over 400 million Google accounts (of the at least 1.5 billion reported since 2018) have used passkeys since launch and over one billion authentications have been logged between them. The majority of users find them easier to use than passwords, according to Google, adding: “Since their introduction, passkeys have proven to be faster than passwords, with users simply needing to unlock their device with a fingerprint, facial scan or PIN to log in to register.” In.”
Google’s Passkey milestones suggest that many people are adopting the sign-in technology, but not everyone is confident about how the rollout is going. Although Microsoft, Apple, Google, and third-party login managers like 1Password and Dashlane support passkeys, many people have reported their opposition online, ranging from confusion about the need for passkeys to complaints about various bugs or problems users have with them encountered.
“Disappointment with technology seems to be the norm rather than the exception,” said software blogger William “Firstyear” in a post documenting several of these passkey issues. “The helplessness of the users in these threads is obvious – and they are technical early adopters. The users we need need to be advocates for moving from passwords to passkeys. If these users can’t get it to work, how will people from other disciplines fare?”
“Passwords have proven themselves well; we have had them for 70 years. “We were able to fix most of the problems with passwords, but they still suck, right?” Christiaan Brand, product manager for identity and security at Google, said The edge. “The transition path isn’t always easy, and you’re going to have a whole bunch of very vocal users who used to do things in a very specific way and now they’re all telling you that the new thing you’re doing is wrong.”
All of this suggests that the dream of creating a passwordless future will have to co-exist with more accepted login methods for the foreseeable future. “I think as an industry we have a little bit to learn. We’re trying to get through this and sometimes we make mistakes,” Brand said. “So we make a few slight changes to certain things, but ideally we need to go out and show these early adopter services a path to meaningful conversion.”
Brand says that over time, increasing friction around using potentially insecure passwords could lead to passkeys becoming the login of choice. “…if you use your password to access your Google account, that also means you couldn’t use your passkey, so it’s either a legitimate user who lost their device or it’s a bad guy. Brand gave an example where users who log in with a password instead of their master key may have to wait 24 hours to gain access while Google performs security checks to ensure the account has not been compromised.
To strengthen its security offerings during the upcoming US elections, Google also announced that Passkeys will soon be supported by its Advanced Protection Program (APP), which provides increased protection to prominent Google Account users such as journalists, activists, politicians, etc Managing Director. APP users have the option to use passkeys alone or together with a password or hardware security key.
Cross-account protection, which shares security notifications about suspicious activity in a user’s Google account to connected non-Google apps, is also being expanded with “additional collaborations.” Google says this will help better protect billions of users “regardless of the platform they are on” by preventing cybercriminals from gaining access to entry points that could expose users’ other accounts.