Google Passkeys Gain Adoption by Over 400 Million Accounts

Google Passcode screen

Google announced on Thursday that its passkeys have been embraced by over 400 million Google accounts, facilitating authentication over 1 billion times in the past two years. Heather Adkins, Google’s vice president of security engineering, highlighted the simplicity and security of passkeys, which rely solely on a fingerprint, face scan, or PIN, making them 50% faster than traditional passwords.

These passkeys have surpassed legacy forms of two-factor authentication, such as SMS one-time passwords (OTPs) and app-based OTPs combined, in terms of usage for authenticating Google Accounts. Additionally, Google is expanding its Cross-Account Protection feature to encompass more apps and services, providing alerts for suspicious activities linked to a user’s Google Account.

Furthermore, Google plans to support the use of passkeys for high-risk users as part of its Advanced Protection Program (APP), offering additional security for individuals vulnerable to targeted attacks. While APP previously mandated the use of hardware security keys as a second factor, it will now allow enrollment with any passkey alongside hardware security keys or as the sole authentication method.

Google integrated passkeys into Chrome in December 2022 and has since made the passwordless authentication solution default across all platforms for Google Accounts. Several prominent companies, including 1Password, Apple, Microsoft, and WhatsApp, have also adopted passkeys.

Passkeys function by generating a cryptographic key pair, comprising a private key stored on the device and a public key shared with the corresponding app or website. This unique key pair ensures that passkeys are specific to the intended platform, mitigating the risk of phishing attacks.

While passkeys offer enhanced security and convenience, concerns have been raised regarding their potential use by companies to monopolize user credentials within their platforms. Critics argue that this approach prioritizes corporate interests over user experience and freedom.

Despite these concerns, Google remains committed to advancing passkeys as a robust authentication solution, emphasizing their effectiveness in combatting phishing and enhancing user security.