Google says its secure entry passkeys have been used a billion times

As part of World Password Day (yes, that’s a thing), Google is hyping up its security achievements and sharing updates on its latest endeavors. The company revealed passkey adoption metrics for the first time and said they have been used more than one billion times by 400 million Google accounts. “Since launching, passkeys have proven to be faster than passwords, since they only require users to simply unlock their device using a fingerprint, face scan or pin to log in,” Google wrote.

The company launched broad support for passkeys in 2022 and rolled them out across its services a year ago. Over the past 12 months, the technology has been adopted by Amazon, 1Password, Dashlane, Docusign and others, joining companies like eBay, PayPal and WhatsApp. Google boasted that the tech helped Kayak users sign in 50 percent faster and said Dashlane has seen a 70 percent increase in conversion with passkeys.

Google will soon be expanding passkeys to users at the highest risk of targeted attacks as part of its Advanced Protection Program (APP). That offering is aimed at individuals including campaign workers and candidates, journalists, human rights workers and others, according to the company.

“APP enrollment traditionally required the use of hardware security keys as a second factor, but users will soon have the option to enroll with any passkey in addition to using their hardware security keys,” Google wrote. “This expanded passkey support will help reduce the barrier of entry to APP while still providing phishing resistant authentication… [and] is coming during a critical election year.”

It’s also expanding Cross-Account Protection to safeguard users on multiple platforms. That system lets Google share security notifications about suspicious event with non-Google apps and services. “This is a critical benefit since cybercriminals often use an initial entry point as a foothold to gain access to more of your information.”

Google suggests creating a passkey for your account to benefit from the new protections. In the meantime, practice good password hygiene by using long passwords with a mix of characters, numbers and symbols, applying two-factor authentication (2FA), never recycling passwords and more. According to HIPAA, attackers can crack a simple 8-number password in just 37 seconds, but it takes 19 quadrillion years to break an 18-digit cypher with a mix of numbers, upper and lowercase letters and symbols.