Passkeys, Cross-Account Protection and new ways we’re protecting your accounts

Passwords are often at the core of today’s major cybersecurity issues, which is why we’ve continued to create new authentication technology over the years. In 2022, for World Password Day, we launched passkeys. Today, we’re proud to announce that they have since been used to authenticate users more than 1 billion times across over 400 million Google Accounts.

We’re also excited to announce the expansion of our Cross-Account Protection program and new updates to passkeys.

Expanding Cross-Account Protection

We’re expanding Cross-Account Protection — our program for sharing security notifications, in a privacy-preserving way, with other companies that run the non-Google apps and services you use. This helps prevent cybercriminals from gaining a foothold in one of your accounts and using it to infiltrate others. We are currently protecting 2.4 billion accounts across 3.4 million apps and sites, and are growing our collaborations across the industry to keep billions of users safer online. It’s built on the Shared Signals Framework, which we helped create and launch in 2019, and in the coming year we’re expanding our partnerships and support for this program. Stay tuned for which of your favorite apps and services begin using Cross-Account Protection.

Passkeys reaches a milestone — and what’s next

In less than a year, passkeys have been used to authenticate people more than 1 billion times across over 400 million Google Accounts. Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords. In fact, on a daily basis passkeys are already used for authentication on Google Accounts more often than legacy forms of 2SV, such as SMS one-time passwords (OTPs) and app based OTPs (such as Authenticator apps) combined.

  • Passkeys for high risk users. We’ll soon support the use of passkeys to enroll in our strongest security offering, the Advanced Protection Program (APP). APP safeguards users who are at the highest risk of targeted attacks, including campaign workers and candidates, journalists, human rights workers, and more. APP traditionally required using hardware security keys as a second factor; but soon users can enroll in APP with any passkey in addition to their hardware security keys; or use their passkeys as a sole factor or along with a password. In a critical election year, we’ll be bringing this feature to our users who need it most, and continue to work with experts like Defending Digital Campaignsthe International Foundation for Electoral SystemsAsia CentreInternews and Possible to help protect global high risk users.
  • More choice in where you store your passkeys. We are pleased to see independent password manager vendors, such as 1Password and Dashlane, now leveraging the passkeys management APIs on Android and other operating systems. This important milestone, together with the ability to store passkeys on security keys, will give users more control.
  • Growing industry support for passkeys. Since we launched passkeys we’ve seen our list of partners grow, strengthening security for people across platforms. In just the last 12 months, Amazon, 1Password, Dashlane, Docusign, Kayak, Mercari, Shopify and Yahoo! JAPAN have started rolling out passkeys, joining early adopters like eBay, Uber, PayPal and Whatsapp. In fact, Dashlane is seeing a 70% increase in conversion with passkeys and Kayak users are signing in 50% faster than before.