Google is expanding its passcode work in a bid to increase security around the world ahead of a series of major elections, including the US presidential race, scheduled for 2024.
In a blog post, the search giant revealed that it will soon support the use of passcodes to enroll in its Advanced Protection Program (APP), a security offering from Google designed for high-risk people such as journalists, human rights or presidential candidates. campaign workers.
“In a critical election year, we will bring this feature to our users who need it most and will continue to work with experts like Defending Digital Campaigns, the International Foundation for Electoral Systems, Asia Centre, Internews and Possible to help protect globally. high-risk users,” the company said.
Malicious interference
Previously, for the app, users needed a form of hardware security as a second factor, but soon users will be able to sign up for the app with any passcode in addition to their hardware security keys, Google explained. In addition, they can use access codes as the only element or link them with a password.
If you're not sure why Google is correlating passcodes with the US presidential election, there have been reports that Russian state-sponsored threat actors, as well as other Russian-affiliated groups, influenced or attempted to influence previous elections. They allegedly did this through social media campaigns and misinformation, often using stolen accounts in the process.
Google also revealed that more and more third-party password managers are taking advantage of passcode management APIs on Android and other operating systems, and that support for passcodes is growing across the industry.
It also said consumers responded in kind: “In less than a year, passkeys have been used to authenticate people more than one billion times across more than 400 million Google accounts,” the company said. “In fact, daily passkeys are already used for authentication in Google accounts more frequently than legacy 2SV forms, such as SMS one-time passwords (OTPs) and app-based OTPs (such as authentication applications) combined.