Google Makes It Easier For Users To Enable Advanced Account Protection

Illustration of Google Passkey (photo: x @royalhansen)

JAKARTA - Google introduces new conveniences for users who want to secure their accounts with strong multifactor authentication through the Advanced Protection Program (APP). Users can now use cryptographic keys in the form of passkeys, not just physical token devices.

Google has made it easier to activate the Advanced Protection Program (APP) by adding an option to store secure cryptography keys in the form of a passkey. APP, introduced in 2017, requires the strongest multifactor authentication (MFA).

While many forms of MFA rely on one-time code sent via SMS or email or generated by the authentication app, an account registered with APP requires MFA based on a cryptographic key stored on a safe physical device.

APP Features and Functionality

APP requires a key accompanied by a password every time a user logs into an account on a new device. This protection prevents the takeover of an account that allows Kremlin-backed hackers to access the Gmail account of US Democratic Party officials in 2016.

Previously, users were required to have two physical security keys to register at APP. Now, Google allows users to use two passkeys or one physical token. For those who want further security, users can register using as many keys as they want.

"We are expanding the options so that people have more options in registering for this program," said Shuvo Chatterjee, project leader of APP, quoted by VOI from Ars. The move is in response to comments from users who are unable to buy physical keys or live in areas where physical keys are not available.

Users still have to have two keys to register so they are not locked from the account if one of them is lost or damaged. The process of recovering an APP account is stricter and takes longer than an account that is not registered with this program.

Security with Passkey

Passkey is a creation of the FIDO Alliance, a cross-industrial group consisting of hundreds of companies. Passkey is stored locally on the device and requires a PIN or fingerprint or face scan. They provide two authentication factors: something the user knows' the password used during the passkey is first generated and something the user has in the form of a passkey-saving device.

Relaxation of this requirement only reaches a certain point because users still have to have two devices. However, by expanding the type of device needed, APP becomes more accessible because many people already have cell phones and computers.

"If you're somewhere where you can't get a security key, it's more comfortable," Chatterjee explained. "This is a step towards democratizing user access to the highest level of security Google has to offer."

Google still recommends users to provide phone numbers and email addresses as backups for account recovery. The recovery process involves various signals used to ensure security.

How to Register

Google users can register on APP via this link: Google Advanced Protection Program.

With this change, Google hopes to make it easier for more users to secure their accounts with additional layers of protection, providing higher security without sacrificing comfort.