Why it matters: Google has offered its Advanced Protection Program for accounts facing an elevated risk of cyberattacks for years. However, the tool has required a physical security key – until now. With passkeys, the company aims to make using and enrolling in APP easier while preserving its heightened security.
Users wishing to tighten the security of their Google accounts can now activate the company's extra account controls using a passkey instead of a physical key. The move represents another significant expansion for passkeys, which tech giants have hailed as a replacement for passwords.
Advanced Protection Program (APP) places extra security layers in front of Google account logins, restricts third-party services from logging into Google, and disables sideloading on Android devices. Most users won't need it, as the system is designed for highly visible accounts that might become attractive targets for phishing, such as those belonging to public figures, diplomats, celebrities, or journalists.
APP typically requires a password and a physical key like a USB or Bluetooth dongle. Using a passkey instead allows more common digital devices like smartphones or laptops to serve as the physical key.
Passkeys started gaining wide support in 2022. They enable logging into supported websites and services using biometrics or PINs tied to specific devices. Authentication codes are stored locally and not on servers, making passkeys more secure than passwords.
Numerous services and tech companies like Microsoft, Apple, and Google have cooperated to make passkeys work across all major platforms. As a result, a user can log onto a Google service on their Windows PC using the PIN, Touch ID, or Face ID on their iPhone.
Expanding the functionality to APP makes the security lockdown more accessible to those who perhaps can't afford a physical key (the company offers Titan keys for $30) or must activate it on short notice and lack the time to acquire one. The passkey enrollment process is now part of the standard APP activation procedure. Simply click on "Get started" and follow the onscreen directions. Users can still opt for physical keys instead of passkeys.
Moreover, Google announced a new program to offer journalists and human rights workers digital security training to better guard against phishing and other cyberattacks. The company is cooperating with Internews, a support organization for media outlets around the world. Google's program will open in 10 countries in Europe, Asia, and Latin America.