Password removers known as “passwords” are already available to users of Google’s Advanced Protection Program, which works to add an extra layer of account protection for people who fear they might face targeted digital attacks. The company has been supporting passwords for all regular individual accounts for more than a year now, and made them the default login option in October. But Google waited to offer passwords to app users until it was confident the community was ready to take the plunge.
APP users are often in a public-facing role or doing controversial work. Anyone can sign up for free, but enabling Advanced Protection comes with strict requirements for adding multi-factor authentication to an account, which previously involved hardware tokens. However, with the addition of access keys, APP project manager Shuvo Chatterjee notes that APP’s defensive benefits will now be more usable and accessible to people around the world.
“Passwords are extremely strong. They’re a factor that can’t be hacked,” Chatterjee told WIRED ahead of today’s announcement. “And yet, it’s something that people have to carry around. If they lose it, it costs a lot. So, one question we keep getting from the industry is whether there are other ways to get the same level of security, but with something that’s more convenient and that we already have. Passcodes are something that works with the threat profile that our high-risk users face.”
In recent years, tech giants have stepped up their efforts to secure accounts and promote passcodes, a cryptographic authentication system, as a more secure substitute for the scourge of passwords. Passcodes are stored locally on devices (or can be stored on hardware tokens that support the protocol known as FIDO2) and are protected by a fingerprint, facial scan, or PIN. Advanced Protection will also continue to offer users the option to enable the service with traditional two-factor authentication, in which the hardware token is the second factor.