By Karla Reffold
Google announced that their Passkeys have been used over 1 billion times since they were introduced in 2022.
Passkeys are a replacement for passwords and other phishable authentication factors. They leverage public-key cryptography and biometrics to create unique digital keys that stay securely on your devices and cannot be guessed, leaked, or phished.
Google has recently accelerated the rollout of passkeys across its products and services. Starting in April 2024, users will be able to create passkeys for their Google Accounts on Android, Chrome, Windows, and macOS. These passkeys can then be used to sign in to Google services without a password. As part of this transition, Google is making it easier for users to migrate from passwords to passkeys on existing accounts.
When you sign in to a service that supports passkeys, your device will generate a unique digital key pair. The private key remains securely stored on your device, while the public key is registered with the service. During future logins, your device uses the private key to prove ownership and authenticate, without ever revealing the key itself.
Passkeys offer several key advantages over traditional passwords:
- Immune to phishing and password theft, as there’s no password to steal.
- No need to remember complex passwords or use password managers.
- Biometrics like fingerprints or facial recognition can be used for added security.
- Sync passkeys across devices for seamless access everywhere.
In almost 60% of Surefire Cyber response cases, companies did not have multi-factor authentication (MFA) fully implemented which may have prevented an attack. In 2024 we also noticed an increase in threat actors using techniques to bypass MFA. New authentication methods such as Passkeys and more secure MFA methods are essential for organizations to protect themselves.