Saturday, November 23, 2024

Google enables passkey enrollment for Advanced Protection Program

Must read

Google’s Advanced Protection Program (APP) is now open for passkey enrollment after the company announced Wednesday it would no longer require physical security keys for APP users.

The Advanced Protection Program is designed to provide extra security for “high risk” users whose Google Account contains valuable or sensitive files that put them at an increased risk of targeted cyberattacks. This can include government officials, business leaders, journalists, IT admins and political campaign staffers.

Traditionally, the program required possession of two physical security keys and users would log in using their password and one security key. However, this limited some high-risk users’ ability to enroll, particularly users in war zones or frequent travelers who may face challenges accessing or purchasing a physical security key.

With the new option to enroll and log in using only a passkey, more users will be able to take advantage of enhanced security through the APP. The use of passkeys also comes with additional benefits for new and existing users.

Benefits of passkeys for enhanced Google account security

Google passkeys use phishing-resistant FIDO Authentication for passwordless logins that leverage biometric identity verification and pins. Google began rolling out the option to use passkeys to all users last year, including for Google Workspace accounts.

Passkeys are more resistant to phishing attacks than passwords and traditional multi-factor authentication methods because they are tied to specific devices and not store elsewhere, Google said. They also offer added convenience and ease-of-use, eliminating the need to memorize passwords, but can also be optionally combined with password authentication for an added layer of security.

The benefits of passkeys over passwords have made them hot topic in the identity space; the method was extensively discussed at this year’s Identiverse conference, where speakers expressed the expectation that passkeys would eventually overtake passwords as the dominant form of authentication.

An increase in targeted credential-stuffing attacks also emphasizes the need for passwordless authentication approaches. And while the transition from passwords to passkeys may be a gradual process for many organizations, more popular services have been adopting passkey support recently, with GitHub and WhatsApp also rolling out passwordless authentication options last year.

How to enroll in the Google Advanced Protection Program using a passkey

Users with compatible devices and browsers can enroll in the APP by clicking “Get Started” on the program’s landing page, and following the on-screen instructions, which now offer the option to use a passkey rather than a physical security key. Users will need to add email and phone number recovery options to their Google Account to ensure they can regain access in case of a lock out.

Users can enroll more than one account in the APP, including both work and personal accounts, family members’ accounts and Google Workspace Accounts if needed. Non-administrator Google Workspace users will need administrator approval to enroll in the APP, and Google Workspace administrators can enroll all the accounts in their organization, as well.

APP enrollment and passkey creation are free, with the only potential cost being that of purchasing a physical security if the user opts to use one. APP-enrolled accounts apply more stringent checks and warnings for file downloads and app installations than general Google accounts and the several optional security features for Google accounts are activated by default on APP accounts.

After enrolling in the APP, users will need to use their passkey to sign in, using a fingerprint scan, face scan or pin on their device.

Google also announced Wednesday that it’s partnering with Internews, an international nonprofit organization that supports journalists, to provide additional safety and security support to journalists and human rights workers in 10 countries across Asia, Latin America and Europe.

Latest article