Google is kicking off World Password Day by updating us on its efforts to replace the oft-cracked, guessed, and stolen form of authentication with passkeys. Their password-free approach instead relies on device-based authentication, making access faster and more secure.
In Thursday’s blog postthe company has more than 400 million Google accounts (at least 1.5 billion 2018) since its release using passkeys, between which it has logged more than a billion authentications. According to Google, most users find passwords easier to use, adding that “since launch, passcodes have proven to be faster than passwords because they simply require users to unlock their devices using a fingerprint, face scan, or pin . enter.”
Google’s passkey milestones show that many people are embracing the sign-in technology, but not everyone is sure how the rollout is going. Despite Microsoft, Apple, Google, and third-party login managers such as 1Password and Dashlane supporting passkeys, many people have written online about their opposition. confusion over the need for switch keys for complaints about various errors or problems users encountered them.
“Disappointment with technology seems to be the norm, not the exception,” said William Brown, who runs the Firstyear blog. post documenting a few of these toggle switch issues. “The desperation of users on these issues is palpable – and these are technical early adopters. Users should be in favor of switching from passwords to keys. If these users can’t make it work, what about people from other disciplines?”
“Passwords have worked well, we’ve had them for the last 70 years. With ciphers, we’ve solved most of the confusion, but they’re still bad, aren’t they?” This was announced by Christiaan Brand, product manager for identity and security at Google The Verge. “The transition is not always easy, and there will be a bunch of very vocal users who used to do things in a very particular way, now they will all tell you that the new thing you are doing is wrong.”
All this suggests that the dream of creating a password-free future will have to coexist with more recognized login methods in the near future. “I think as an industry we need to learn a little bit. We try to overcome it and sometimes we make mistakes,” Brand said. “So we’re making some adjustments to some of the things we’re doing, but ideally, we need to go out there and show a way to make a conversion that will make sense to these early adopter services.”
Brand says that over time, adding friction to the process of using potentially weak passwords could promote passkeys as preferred access. “If you’re using your password to sign in to your Google account, that also means you can’t use your dongle, so it’s either a legitimate user who’s lost their device or a bad guy.” The brand cited the example that users who log in using a password instead of a password may be required to wait 24 hours to gain access, while Google performs security checks to ensure the account isn’t stolen.
Google has also announced this to strengthen its security offerings during the upcoming US elections toggle switches will be supported soon by him Advanced Protection Program (APP) that provides increased protection for high-profile Google account users such as journalists, activists, politicians and business leaders. APP users will have the option to use passkeys alone or in combination with a password or hardware security key.
Cross-Account Protection, which shares security notifications about suspicious activity in a user’s Google account with related non-Google apps, is also being expanded with “additional collaborations.” Google says this will help better protect billions of users “regardless of the platform they use” by preventing cybercriminals from gaining access to access points that could expose users’ other accounts.