It's World Password Day, but Google wants you to know that the days of the password are numbered.
Passkeys consist of two cryptographic keys, a public key that's registered with the online service or app, and a private key that's stored on a device, such as a smartphone or a computer. That might sound complicated, but passkeys have been designed to be easy to use. In fact, to log in with a passkey, you use your face, a fingerprint, or a PIN in much the same way that you unlock your smartphone.
In a blog post, Google VP of Security Engineering Heather Adkins announced today that since Google launched passkeys on World Password Day 2022, over 400 million Google Accounts have been secured with passkeys. Furthermore, these users have collectively logged over 1 billion authentications, demonstrating growing adoption and usage of this relatively new security feature.
Also: What are passkeys? Experience the life-changing magic of going passwordless
In fact, the use of passkeys for Google Accounts has now surpassed traditional forms of two-step verification (2SV), including SMS-based one-time passwords (OTPs) and app-based OTPs (like those used in Authenticator apps). According to Google, passkey users experience login times that are 50% faster than those using passwords, enhancing both the security and efficiency of their authentication processes.
Google has further announced plans to integrate passkeys into its Advanced Protection Program (APP), which offers enhanced security measures for high-risk Google Account users such as activists, politicians, and journalists. Users enrolled in this program will soon have the option to switch to using passkeys exclusively or to use them in conjunction with traditional passwords or hardware security keys.
This integration represents a significant step in bolstering security while maintaining user convenience for those at heightened risk of targeted attacks.
Also: The best password managers you can buy: Expert tested
So, what's stopping everyone from adopting passkeys?
For years, the emphasis has been on creating complex passwords as the best line of defense for securing digital accounts. Now, people are confused and wondering what's changed. It's hard to get across that the landscape of digital security is constantly evolving, and with it, the strategies for securing access to online information.
While passkeys offer a new, more streamlined, more secure approach to security, significantly reducing the risk of phishing and eliminating the need to remember and manage multiple passwords, it's hard to communicate that to the average user.
The transition from traditional passwords to passkeys indeed brings its set of challenges, particularly due to the abstract nature of passkeys compared to the tangible and familiar format of passwords. Passkeys, which involve interactions with on-screen prompts, QR codes, and device-based authentication, can seem daunting due to their perceived complexity. Telling users that they can log into a site in half the time isn't enough of a carrot to encourage many to switch.
Passwords are a long way from being dead, and it seems like we will be celebrating World Password Day for years to come.