Google is expanding its work with passkeys in an effort to boost security around the world ahead of a series of major elections, including the US presidential race, scheduled for 2024.
In a blog postthe search giant revealed that it will soon support the use of access keys to enroll in its Advanced Protection Program (APP), a security offering from Google designed for high-risk individuals such as journalists, human rights workers or presidential candidates and campaign workers.
“In a crucial election year, we will bring this feature to our users who need it most, and continue to work with experts like Defending Digital Campaigns, the International Foundation for Electoral Systems, Asia Center, Internews and Possible to help global protection to protect. high-risk users,” the company noted.
Malicious interference
Previously, APP required users to have some form of hardware security as a second factor, but soon users will be able to enroll in APP with any passcode, in addition to their hardware security keys, Google explains. Furthermore, they can use passkeys as the only factor, or link them to a password.
If you’re unsure why Google correlates passkeys with the US presidential election, there are reports that state-sponsored threat actors from Russia, as well as other Russia-affiliated groups, have influenced or attempted to influence previous elections. They allegedly did this through social media campaigns and misinformation, often using stolen accounts.
Google also revealed that more and more third-party password managers are now using password management APIs on Android and other operating systems, and that support for passkeys is growing across the industry.
The company also said consumers responded in kind: “In less than a year, passkeys have been used to authenticate people more than 1 billion times across more than 400 million Google accounts,” the company said. “In fact, passkeys are already more commonly used for authentication on Google accounts than older forms of 2SV, such as SMS one-time passwords (OTPs) and app-based OTPs (such as Authenticator apps) combined.”