In a groundbreaking move, Google has announced a radical security enhancement for its Gmail users that promises to redefine digital safety. Say goodbye to traditional two-factor authentication (2FA); the tech giant is rolling out an innovative top-tier security upgrade designed to provide robust protection without the hassles of current methods.
Near 2 billion people use the free Gmail email service, with more than 300 billion emails flowing daily. No wonder, then, that your Google account, which unlocks the door to that Gmail data, is a prime target for criminal and state-sponsored hackers alike. Google’s Advanced Protection Program is available to high-risk users such as politicians, activists and journalists, and offers the most secure option for accessing your account. This has come at a cost, as hardware security keys have been required as the second-factor authentication method—until now. Google has finally announced that users enrolling in the APP can use passkeys instead of hardware security keys and use them as an all-in-one login method without needing separate 2FA credentials.
Also Read: Oracle Announces Expansion: Two Public Cloud Regions to Open in Morocco
Passkeys Can Now Replace Google Advanced Protection Program Hardware Keys and 2FA
Shuvo Chatterjee, the product lead of Google’s Advanced Protection Program, has confirmed that passkeys are now available as part of the APP enrollment process with immediate effect. The APP is the solidest level of Google Account protection, bringing extra safeguards against the most common attacks often launched against high-risk Gmail users: phishing and malware. Truth be told, you don’t need to be in a high-risk occupation to be targeted this way, and as such the APP makes for a secure thinking solution for most users.
Figure: Thanks to Forbes
Excluding the financial burden of purchasing not one but two hardware security keys to use during the enrollment process has meant that many users have shied away from taking this next-level security step. Google’s announcement means that the program has just opened up to a much larger user base.
“Passkeys give high-risk users the option to rely on the ease and security that comes with using personal devices they already own,” Chatterjee said, “as opposed to another device or tool like a security key, for phishing-resistant authentication.”
Also Read: Red Hat Launches RHEL for AI and InstructLab to Democratize Enterprise AI
What Is A Passkey and Why Should You Use One?
Passkeys are an alternative way to authenticate yourself to a service, an easier and more secure method than passwords according to Google. They are “phishing resistant so users are protected things like fraudulent emails,” Chatterjee said, and come with that ease of use built-in as they rely on your facial scan, fingerprint or a PIN using a device, your smartphone for example, that you already own. Significantly, as far as usability goes, passkeys are used without the need for a password by default, although they can be used as a second factor in combination with one if desired. Disparate passwords, there is nothing to remember or type into your computer or mobile devices. They are also said to be more secure as they are tied to your device, and your smartphone most normally, and are never stored on servers where they might be susceptible to hacking or phishing attacks.
APP enrollment using a passkey couldn’t be easier. Just visit the APP start page and choose to enroll with a passkey when the option is offered. Though the passkey can used to replace both the password credentials and 2FA parts of login, Google does still require you to choose a recovery method should you need to regain access to your account. This can be any way of a telephone number, email, and address separate passkey or hardware keys. A combination of these will be used in the process of regaining access to an account, which is unavoidably tougher when part of the APP.
Wrap-up:
Google’s latest innovation targets to change this narrative. The new security upgrade leverages advanced technology to streamline the user experience while enhancing protection against cyber threats.
