Google has launched passkey support for its Workspace and Cloud accounts to enable users to log in without a password. The technology is aimed at significantly reducing security risks whilst at the same time being more convenient. Passkeys offer two cryptographic keys – a public and a private key to identify users without the need for a master password. The public key is stored by the service being accessed, while the private key is stored on the user’s device. The two keys combine to authenticate the user when they initiate a login. This passwordless authentication system is considered more secure than traditional password-based authentication.
Phishing scams continue to rise, with Google citing worrying research on the scale of the problem. In 2021, more than 60% of data breaches involved stolen credentials or phishing, which cost organizations $4.91 million on average in 2022. Phishing attacks grew 61% last year, to 255 million in a six-month period.
Google is reportedly at the forefront of ushering in a new era of credential security, with technology such as AI being used to automate defenses. The company is a board member of the FIDO alliance, which sets standards for passwordless solutions, and the first major public cloud provider to bring this technology to business customers. Passkeys with Google Workspace will be rolled out over the next few weeks. According to Google data, passkeys are twice as fast as passwords and reduce errors by four times.