In a recent blog post titled “Beyond the password: Google Workspace brings a major security innovation to customers with passkeys,” Shruti Kulkarni, Engineering Manager at Google Workspace, and Jeroen Kemperman, Product Manager at Google Workspace, unveiled an exciting development in the realm of security.
Passwords have long been the standard method for authentication, but passwords no longer sufficient in protecting users’ data from phishing attacks and security breaches. Recognizing this vulnerability, Google has been leading the charge against password-related threats and phishing attacks. As part of their efforts, they have championed the development of physical security keys and their standardization under the FIDO Alliance.
Building upon this foundation, Google has introduced passkeys as a passwordless sign-in method. Passkeys offer a secure and convenient authentication experience across websites and applications. Users can sign in using their fingerprint, face recognition, or other screen-lock mechanisms on their phones, laptops, or desktops. Passkeys adhere to industry standards and are compatible with popular browsers and operating systems such as Android, ChromeOS, iOS, macOS, and Windows.
Passkeys provide several advantages over traditional passwords. They eliminate the need for users to remember or type passwords, reducing the risk of password-related vulnerabilities. Passkeys cannot be written down or accidentally shared, enhancing security. Google’s early data has shown that passkeys are twice as fast and four times less error-prone than passwords, making them a more user-friendly option.
One of the key benefits of passkeys is their resistance to phishing attacks. They are based on the same public key cryptographic protocols used in physical security keys, such as Google’s Titan Security Key. Passkeys offer stronger protection against automated bots, bulk phishing attacks, and targeted attacks compared to traditional two-factor authentication methods like SMS or app-based one-time passwords.
Passkeys have already been leveraged by Snap Inc. to enhance security for their employees. By adopting passkeys, Snap Inc. has reduced the risk of password leakage and account takeovers. The convenience and security of passkeys make them an ideal solution for organizations of all sizes, including small businesses, large enterprises, schools, and governments.
User privacy is a top priority with passkeys. When using passkeys to sign in to Google Workspace apps like Gmail or Google Drive, the passkey verifies the user’s access to the device through biometric authentication. However, the user’s biometric data is never sent to Google’s servers or other websites and apps, ensuring privacy and security.
Google is gradually enabling passkeys for users and providing controls for Workspace administrators over the next few weeks. Administrators can allow users in their organizations to skip passwords and use passkeys as the primary sign-in method. Users can visit g.co/passkeys to start using passkeys instead of passwords or as a two-step verification method.
Contact us today to learn more about how ITM can support your business with authorized Google Workspace licenses and comprehensive licensing services.
