Almost 2 billion people use Gmail, a free email service, and more than 300 billion emails go through it every day. So it’s no wonder that your Google account, which unlocks the door to this Gmail data, is a prime target for both criminal and state-sponsored hackers. Google’s Advanced Protection Program is available to high-risk users such as politicians, activists and journalists and offers the most secure way to access your account. This was worth it because hardware security keys were required as a second factor authentication method – until now. Google has finally announced that users who sign up for the APP can use passkeys instead of hardware security keys and use them as an all-in-one login method without the need for separate 2FA credentials.
Access keys can now replace hardware keys and 2FA of the Google Advanced Protection program
Shuvo Chatterjee, product lead for Google’s Advanced Protection Program, confirmed that access keys are now available as part of the APP registration process with immediate effect. The APP represents the strongest level of Google Account protection and provides additional security against the most common attacks that are often launched against high-risk Gmail users: phishing and malware. In truth, you don’t need to be in a high-risk occupation to be targeted in this way, and as such, the APP is a safe solution for most users.
Eliminating the financial burden of purchasing not one, but two hardware security keys for use during the sign-up process meant that many users avoided this next-level security step. Google’s announcement means that the program has just opened up to a much larger user base. “Passkeys give high-risk users the ability to rely on the ease and security that comes with using the personal devices they already own,” Chatterjee said, “as opposed to another device or tool like a security key for phishing-resistant authentication.
What is an access key and why should you use it?
Access keys are another way to authenticate to the service, which Google says is an easier and more secure method than passwords. They’re “phishing-proof, so users are protected from things like phishing emails,” Chatterjee said, and they come with built-in ease of use because they rely on scanning your face, fingerprint or PIN with a device like your smartphone . , which you already own. Importantly, in terms of usability, passkeys are used by default without the need for a password, although they can be used as a second factor in combination with one if needed. Unlike passwords, there’s nothing to remember or type into your computer or mobile devices. They are also said to be more secure because they are tied to your device, most commonly your smartphone, and are never stored on servers where they could be vulnerable to hacking or phishing attacks.
Registering an APP with an access key couldn’t be easier. Just visit the home page of the APP and choose to register with an access key when offered. Although the passkey can be used to replace both the password credentials and the 2FA part, Google still requires you to choose a recovery method if you need to regain access to your account. It can be any way of phone number, email, address separate access key or hardware keys. A combination of these will be used in the process of regaining access to the account, which is necessarily more difficult when it is part of an APP.