Google has launched passkey support for Workspace and Google Cloud accounts, offering enterprises a passwordless way for workers to login.
At the start of this month, the company added passkey support for Google Accounts, letting individual users log in without a master password at all. It’s continued push for the passwordless technology reflects the tech giant’s confidence in this brave new world of credential security.
Starting today, Google says that more than 9 millions organizations will be able to take advantage of the cutting-edge tech, aimed at significantly reducing security risks whilst at the same time being much more convenient.
Passkeys make use of two cryptographic keys – a public and a private. The public one is stored by the service you are trying to access, whilst the private key is stored on your device.
No one knows what this key is – not even you – which is why it is claimed to be phishing resistant. When you initiate a login, the two keys combine to give you access. All that is needed for authentication is whatever method you use to lock your device, such as a PIN, fingerprint scan or facial recognition.
Phishing attacks continue to rise and even if you use the best password manager and the strongest passwords courtesy of the best password generators, it is still possible that slip-ups, user error, malware and the like may lead to your credentials becoming compromised.
Google Workspace managers Jeroen Kemperman and Shruti Kulkarni cite some worrying research that spells clear the magnitude of the problem. For instance, Over 60% of data breaches in 2021 involved stolen credentials or phishing; Data breaches caused by phishing cost organizations $4.91 million on average in 2022; and Phishing attacks grew 61% in 2022, reaching 255 million in a six-month period.
Google claims it has been at the forefront of ushering in a new era of credential security, with technology such as AI being used to automate defenses, as well as being a board-level member of the FIDO alliance – the open-industry association that sets the standards for passwordless solutions. The board also features the other major players in the tech world: Apple, Amazon, Meta, Microsoft.
Google claims it is now the first major public cloud provider to bring this technology to business customers, from small and large enterprises to schools and governments. Passwords can still be used, but now there is an easier way to log in; according to Google’s own data, passkeys are twice as fast as passwords and quadruple less error prone.
The use of passkeys with Google Workspace will be rolled out over the next few weeks, with controls for admins also coming to allow users within the organization to skip passwords altogether or use them merely as a method of two-factor authentication in conjunction with a password.