On 10 July 2024, Google announced that passkeys are now available for high-risk users enrolling in the Advanced Protection Program, which offers the highest level of account security.
The Advanced Protection Program is a free service designed to protect accounts of high-risk users such as journalists, business leaders, and who are more likely to be targeted by online attacks.
This program blocks unauthorized access to enrolled users’ accounts and provides enhanced protection against Google account phishing attacks, malicious apps, and data theft attempts.
Passkeys are linked to specific devices, like computers, tablets, or smartphones, and they function locally, providing a more secure alternative to traditional passwords and significantly reducing the risk of data breaches.
Passkeys allow access to websites, online services, and apps using biometric sensors like fingerprint scanners and facial recognition, PINs, hardware security keys, or screen lock patterns. Users can create a passkey with their device by going to the provided link, signing into their Google account, and clicking the “Get passkeys” button.
“Traditionally, users needed two physical security keys to enroll in APP, using their password and one of the keys to log in. However, we understand that users might not always have access to or be able to purchase physical security keys,” said Shuvo Chatterjee, Product Lead of Google’s Advanced Protection Program.
Passkeys give high-risk users the option to rely on the ease and security of using personal devices they already own, rather than another device or tool like a security key, for phishing-resistant authentication.
To enroll in the Advanced Protection Program using a passkey, high-risk users need a compatible device and browser. The steps are as follows:
- Visit the Advanced Protection Program enrollment page.
- Click on “Get started.”
- Follow the on-screen instructions to complete the enrollment process, using either a passkey or a physical security key.
During APP enrollment, Google will also require a recovery option, such as a phone number and email or another passkey/security key, to ensure that users can regain access to their accounts if they are locked out.
In October, Google made passkeys the default sign-in method for all personal accounts across its services and platforms. The company also introduced support for passwordless sign-in for all Google accounts in May 2023, and it added passkey support to its Chrome web browser and the Android operating system in October 2022.
