Google has recently made it easier for users to protect their accounts using strong multifactor authentication. Instead of requiring two physical keys, Google now allows users to store secure cryptographic keys in the form of passkeys. This change is part of Google’s Advanced Protection Program, which was introduced in 2017 to provide the highest level of security for user accounts.
The Advanced Protection Program (APP) requires users to have a key accompanied by a password when logging into their accounts on a new device. This added security measure helps prevent unauthorized access to accounts, such as the account takeovers that occurred during the 2016 presidential election. Previously, Google required users to have two physical security keys to enroll in APP, but now users can opt to use two passkeys or a combination of a passkey and a physical token.
Passkeys are a creation of the FIDO Alliance and are stored locally on a device. They provide two factors of authentication: something the user knows (the underlying password) and something the user has (the device storing the passkey). Passkeys cannot be extracted from the device and require additional authentication such as a PIN, fingerprint, or face scan.
While users still need to have two devices for enrollment, the option to use passkeys or a combination of passkeys and physical tokens makes the program more accessible to a wider range of users. Google aims to democratize access to the highest security tier it offers by expanding the types of devices that can be used for authentication.
In addition to these changes, Google recommends that users provide a phone number and email address as backup in case they lose access to their security key. The recovery process for APP accounts is more rigorous and time-consuming, so having multiple backup options is essential for account recovery.
The process of enrolling in APP is straightforward and can be done by visiting a specific link provided by Google. By implementing these changes and recommendations, Google is working towards providing users with a more accessible and secure account protection program.