Google announced new achievements and shared some updates to Passkeys on World Password Day. The search giant revealed password unlockers were used more than a billion times on 400 million accounts in less than a year.
The new authentication technology was first introduced for Android and Chrome in 2022. At the time, Google allowed developers to access the keys through Google Play Services beta and Chrome Canary. A year later, the company launched Password Keys for Google Accounts to allow users to sign in without typing passwords.
Note the increase in the use of keys, Google said:
Password keys are easy to use and resistant to spoofing, relying only on a fingerprint, face scan or pin making them 50% faster than passwords.
In fact, on a daily basis passkeys are already used more often to authenticate Google accounts than legacy forms of 2SV, such as SMS one-time passwords (OTPs) and app-based OTPs (such as Authenticator apps) combined.
Google is working to improve security for high-risk users and will soon add support for password keys to its Advanced Protection Program (APP), which currently offers hardware security keys as an additional layer of security. The program is designed to protect users such as journalists, campaign workers and human rights workers, who are at risk of targeted attacks. It means:
APP is traditionally required using hardware security keys as a second factor; But soon users can register for the APP with any additional key in addition to their hardware security keys; or use their password keys as a single factor or together with a password.
There is a growing list of companies adding password key support to their products and services, including Amazon, Shopify, Yahoo! JAPAN, Kayak and more, join companies like WhatsApp, Uber and PayPal. Google said password keys enabled Kayank users to log in 50% faster than before. Microsoft has just announced that it has added password generator support to all consumer Microsoft accounts.
It’s already possible to store password keys on security keys, Google said, adding that users now have more flexibility to decide where they want to store their password keys. Third-party password managers such as Dashlane and 1Password use APIs to manage password keys on Android and other operating systems.