Skip to content

Google’s Advanced Protection Program adds passkeys for security

  • by
  • 2 min read

Google has announced the integration of passkeys for high-risk users enrolled in its Advanced Protection Program (APP) to provide a high level of account security to individuals such as activists, journalists, business leaders, and political teams often targeted by online attacks.

The Advanced Protection Program is a free service designed to block unauthorised access to Google accounts and add layers of protection against phishing attacks, malicious apps, and data theft. Introducing a passkey enhances this protection by offering a more secure alternative to traditional passwords.

Passkeys, unique to each device (computer, tablet, or smartphone), function locally, significantly reducing the risk of data breaches.

Users can now authenticate access to websites, online services, and apps using biometric sensors like fingerprint scanners, facial recognition, PINs, hardware security keys, or screen lock patterns.

Recognising the potential inconvenience and the challenge of accessing or purchasing security keys, Google has now made passkeys a viable option

“Traditionally, users were required to have two physical security keys to enrol in APP, using their password and one of the security keys to log in. However, we understand that users might not always have access to physical security keys or the ability to buy one. For example, this could be difficult for a journalist covering a war zone, a travelling campaign worker, or a business leader taking a last-minute trip,” notes Shuvo Chatterjee, Product Lead, Advanced Protection Program.

High-risk users interested in enrolling in the Advanced Protection Program with a passkey need a compatible device and browser. Then they must visit the APP enrollment page, click on Get started, and follow the on-screen instructions to complete the enrollment.

Additionally, Google requires a recovery option during enrollment, such as a phone number, email, or another passkey/security key, to ensure users can regain access to their accounts if they are locked out.

Google implemented passkeys as part of broader security measures in May 2023, replacing passwords. After a year, in May 2024, the company boosted passkeys and expanded Cross-Account partners.

Google also announced a new partnership with Internews to provide security keys and cybersecurity training to journalists and human rights workers.

In the News: Popular RADIUS authentication broken in new attack

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: