Google is kicking off World Password Day by updating us on its efforts to replace the oft-hacked, guessed, and stolen form of authentication with passwords. Their passwordless approach instead relies on device-based authentication, making login faster and more secure.
In a blog post on Thursdaythe company announced that more than 400 million Google accounts (on at least 1.5 billion reported since 2018) have used passwords since their deployment, recording over a billion authentications between them. The majority of users find them easier to use than passwords according to Google, adding that “since their launch, passwords have proven to be faster than passwords because they simply require users to simply unlock their device using a fingerprint, face scanner or PIN to log in. In.”
Google’s milestones suggest that many people are adopting the connection technology, but not everyone is convinced about how the rollout is going. Despite support for passwords from Microsoft, AppleGoogle and third-party login managers like 1Password And Dashlanemany people have posted about their resistance online, ranging from confusion over the need passwordshas complaints about various bugs or problems users have encountered them.
“Disappointment with technology seems to be the norm rather than the exception,” computer blogger William “Firstyear” said in a statement. post documenting several of these access key issues. “The helplessness of the users on these threads is evident – and they are early technical adopters. The users we need need to advocate for replacing passwords with passwords. If these users can’t make it work, how will people in other disciplines cope? »
“Passwords have been very successful, we have been using them for 70 years already. We’ve managed to fix most of the password issues, but they still suck, right? » Christiaan Brand, product manager for identity and security at Google, said The edge. “The transition path isn’t always easy, and you’ll have a whole group of very vocal users who were doing things in a very specific way who will now all tell you that the new thing you’re doing is bad.”
All of this suggests that the dream of creating a passwordless future will have to coexist with more recognized login methods in the near future. “I think as an industry we need to learn a little bit. We try to overcome that and sometimes we make mistakes too,” Brand said. “So we’re making some slight changes to some things that we’ve been doing, but ideally we need to go out there and show these early adopter services a path to make a conversion that would make sense.”
Brand says that over time, adding friction to the process of using potentially insecure passwords could promote passwords as the preferred login. “…if you use your password to access your Google account, that also means you can’t use your password, so either it’s a legitimate user who lost their device, or it’s a Vilain.” Brand gave an example in which users who sign in using a password instead of their password may be asked to wait 24 hours to gain access while Google performs security checks to ensure the account has not been compromised.
In a bid to bolster its security offerings during the upcoming US elections, Google also announced that passwords will be supported soon by its Advanced Protection Program (APP), which provides increased protection for high-profile Google account users such as journalists, activists, politicians and business leaders. APP users will have the option to use access keys alone or with a password or hardware security key.
Cross-account protection, which shares security notifications about suspicious activity on a user’s Google account with non-Google connected apps they use, is also being expanded with “additional collaborations.” Google says this will help better protect billions of users “no matter what platform they’re on” by preventing cybercriminals from accessing entry points that could expose users’ other accounts.
