Google Workspace is enabling passkeys for over nine million organisations as a replacement for passwords.
Currently in open Beta, the new sign-in method provides enterprise users with a convenient and secure means of authentication via fingerprint, face recognition, and more from their phones, laptops, and desktops.
Last month, Google made passkeys available as an alternative sign-in option for personal Google Accounts.
Jeroen Kemperman, Product Manager at Google Workspace and Shruti Kulkarni, Engineering Manager at Google Workspace co-authored the company’s announcement of its expanded passkey solution for enterprise clients.
They wrote: “Over the past decade Google has been at the forefront of the battle against phishing and password-related threats, including with our automated defences powered by Google AI.
“We championed the development of physical security keys and their standardization under the FIDO Alliance.
“As a generally simpler and more secure alternative to passwords, passkeys represent the culmination of this work to bring phishing-resistant technology to billions of people worldwide.”
Passkeys are designed to protect against the growing number of phishing attacks that have led to the emergence of some alarming figures.
In 2021, more than 60 percent of data breaches included stolen credentials or phishing.
Last year, data breaches resulting from phishing attacks cost companies an average of $4.91 million.
Phishing attacks increased by 61 percent in 2022, culminating in 255 million attacks within a six-month period.
By introducing passkeys, Google has become the first public cloud provider to offer its customers this form of protection.
What is a Passkey?
A passkey is an authentication method that allows users to use screen-lock mechanisms that are tied to one of their physical devices.
Passkeys can be used across popular browsers and operating systems, such as Windows, Android, iOS, ChromeOS, and macOS.
Whereas passwords need to be written down or remembered, passkeys do not and Google’s data so far suggests that passkeys are twice as fast and four times less prone to errors than passwords.
Using the cryptographic protocols behind physical security keys, research by Google has demonstrated that they offer greater protections against automated bots, bulk phishing attacks, and targeted attacks than app-based one-time passwords, SMS, and other forms of two-factor authentication (2FA).
Advanced Protection Program customers who are at high risk of phishing attacks can use passkeys as well as physical security keys.
Passkeys have also been designed to keep user data private by never sending biometric data to Google’s servers, websites, or applications.
The Rollout Begins
Google has said that over the next few weeks, it will be enabling passkeys for users and controls for Workspace admins.
Administrators will be able to allow the users in their enterprise to skip passwords and opt for passkeys instead.
The passkey setting is off by default but users will still be able to create and use passkeys as a 2-Step Verification (2SV) method.
Last month, Google Workspace introduced pooled storage and shared drives to its Business Started plan.
In March this year, Google provided testers with access to its new generative AI writing features for Workspace.
The features will help users to draft, summarise, and reply to emails in Gmail, write and proofread in Docs, auto-generate media in Slides, draw insights and analysis in Sheets, create backgrounds and notes in Meet, and enable workflows in Chat.
