Google announced new achievements and shared some updates for Passkeys on World Password Day. The search giant revealed passkeys have been used more than one billion times across 400 million accounts in less than a year.
The new authentication technology was first introduced for Android and Chrome in 2022. At the time, Google allowed developers to access passkeys via Google Play Services beta and Chrome Canary. A year later, the company launched passkeys for Google Accounts to let users sign in without typing passwords.
Noting an increase in usage of passkeys, Google said:
Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords.
In fact, on a daily basis passkeys are already used for authentication on Google Accounts more often than legacy forms of 2SV, such as SMS one-time passwords (OTPs) and app based OTPs (such as Authenticator apps) combined.
Google is working on enhancing the security for high-risk users and will soon add passkeys support to its Advanced Protection Program (APP), which currently offers hardware security keys as an extra layer of safety. The program is meant to protect users such as journalists, campaign workers, and human rights workers, who are at risk of targeted attacks. It said:
APP traditionally required using hardware security keys as a second factor; but soon users can enroll in APP with any passkey in addition to their hardware security keys; or use their passkeys as a sole factor or along with a password.
There is a growing list of companies adding support for passkeys in their products and services, including Amazon, Shopify, Yahoo! JAPAN, Kayak, and more, joining the likes of WhatsApp, Uber, and PayPal. Google said that passkeys have enabled Kayank users to sign in 50% faster than before. Microsoft just announced it has added passkey support for all consumer Microsoft accounts.
It"s already possible to store passkeys on security keys, Google said, adding that users now have more flexibility to decide where they want to store their passkeys. Third-party party password managers such as Dashlane and 1Password are using passkeys management APIs on Android and other operating systems.