With the U.S. presidential election on the horizon, Google is enhancing its Advanced Protection Program (APP) by incorporating passkey support. This program is vitally important for high-risk individuals such as campaign staff, political candidates, journalists, and human rights activists, among others.
Previously, APP mandated the use of physical hardware security keys, but an impending update will allow for enrollment using passkeys. Participants in APP can choose to use passkeys on their own, or in combination with passwords or hardware security keys for added security.
As Google’s VP of Security Engineering, Heather Adkins, emphasizes in a recent blog post, “In a critical election year, we’ll be bringing this feature to our users who need it most.” The company is collaborating with organizations such as Defending Digital Campaigns and the International Foundation for Electoral Systems to ensure the protection of users at high risk globally.
According to Google, passkeys have already seen widespread adoption, with over one billion authentications across more than 400 million Google Accounts. This approach is currently more popular than traditional two-step verification methods like SMS or app-generated one-time passwords.
Passkey logins provide a significant security advantage by requiring physical access to a user’s phone, which makes unauthorized remote account access much more challenging. Additionally, this method reduces the dependence on hackable username and password combinations.
The adoption of this technology isn’t limited to Google—giant tech companies like Apple, Amazon, X (formerly known as Twitter), PayPal, WhatsApp, GitHub, and TikTok have also embraced passkeys.
Furthermore, Google is ramping up its Cross-Account Protection initiative, improving security alert sharing with third-party applications linked to users’ Google accounts. This expansion aims to thwart cybercriminals from accessing one service and using it as a doorway to others. Google notes it currently safeguards 2.4 billion accounts affiliated with 3.4 million apps and websites and is fervent in expanding collaborations industry-wide.
FAQ Section
-
What is Google’s Advanced Protection Program?
Google’s Advanced Protection Program is designed to provide additional security for high-risk users such as campaign workers, political candidates, and journalists, who are more susceptible to targeted cyber attacks. It traditionally required physical security keys for authentication, but now passkeys will be introduced as an additional option.
-
What are passkeys?
Passkeys are a form of two-factor authentication that provide a secure login method by requiring physical access to a user’s device. Passkeys are meant to replace vulnerable username and password combinations and protect against remote access by bad actors. They have gained widespread adoption across major tech companies.
-
How does the Cross-Account Protection program work?
Google’s Cross-Account Protection program shares security notifications with third-party apps connected to a user’s Google account when suspicious activity is detected. This helps to prevent one compromised account from being used to breach others, thus enhancing overall security.
Conclusion
The integration of passkeys into Google’s Advanced Protection Program represents a significant step forward in securing the online presence of individuals at high risk of cyberattacks, particularly in the politically sensitive period leading up to the U.S. presidential election. By adopting this advanced security technology, Google is leading by example and encouraging the wider industry to protect users against sophisticated online threats. As the digital landscape evolves, such proactive measures will be crucial for the safeguarding of personal and professional digital integrity.