Google is adding passkeys to the Advanced Protection Program for high-risk users. Passkeys provide an additional layer of security against phishing attacks.

Google announced in a blog post that high-risk users who enroll in the Advanced Protection Program (APP) can now use passkeys. Traditionally, users needed a physical security key for the APP. Now they can choose a password to secure their account. A passkey uses two keys in two places that must be identified, making it more secure against phishing attacks.

Master key

A passkey is a more secure alternative to passwords because it works with two cryptographic keys. This means that one key is on the service you want to log into, in this case the Google account. The other key is linked to your device. This key is behind an additional layer of authentication such as a PIN code or fingerprint scan.

By using two keys, users can better protect themselves against phishing attacks. No matter how clever the phishing website is, without the second key on your device with your identification, it has no chance. Google made the passkeys available to Google users last year, but now they are also available to high-risk users within the APP.

Advanced protection program

Google users who are at high risk of targeted attacks, such as journalists or politicians, can sign up for the Google APP. This service is aimed at high-risk users, but anyone who wants to can now sign up.

The APP has mandatory security measures such as an external security key, but multi-factor authentication is also necessary. In addition, the process to recover an account is much more complex. You can register for the APP through the Google website.