Google has streamlined the process for joining its Advanced Protection Program, a security initiative tailored for individuals who are more vulnerable to targeted online attacks, including political campaign staff and journalists.
Initially, setting up the program required two physical security keys. Now, participants can configure it using a single passkey, utilizing the built-in biometric features of Pixel phones or iPhones.
Launched in October 2017, the Advanced Protection Program also mandates additional recovery methods such as a phone number, email address, or a second passkey to help users regain access if locked out.
Passkeys offer a password-free login solution that relies on cryptographic keys for secure authentication. They replace traditional passwords with a key pair: a public key stored on the server and a private key kept on the user’s device.
During login, the device signs a server challenge with the private key, which the server then verifies using the public key. This system employs biometric authentication to ensure only the device’s owner can access the account.
The FIDO Alliance, a coalition of tech companies including Google, Microsoft, and Apple, developed the concept of passkeys. This group was formed to tackle the issues of strong authentication device interoperability and the reliance on passwords.
The development of passkeys and the underlying FIDO2 standard began in the early 2010s. The FIDO Alliance released its first specifications in 2013. The U2F (Universal 2nd Factor) standard was an early step towards the final FIDO2 standard.
By 2018, the FIDO2 standard was complete, integrating the WebAuthn API, which facilitated broader use across web browsers and services. In recent years, major tech companies have increasingly adopted passkeys, making them a viable alternative to traditional passwords.
Source: The Verge
–
July 10, 2024 – by Ali Nassar-Smith
Follow Us