In a recent symposium organized by the Biden Administration, Google discussed the importance of multi-factor authentication (MFA) in enhancing online security. The company highlighted that over 70% of Google Accounts, used by regular product users, automatically have second factor authentication enabled, adding an extra layer of identity verification when suspicious sign-ins are detected. Additionally, Google offers users the option to add MFA to every sign-in, and for high-risk users, it provides the Advanced Protection Program.

Supporting MFA for critical systems is crucial in reducing the risk of cyber incidents. Online services provided by governments and private organizations are heavily relied upon by citizens for various tasks that involve personal information. Authentication plays a vital role in ensuring that only authorized individuals can access these critical services. However, traditional authentication methods like passwords have proven to be difficult to use securely. Recognizing this issue, Google has been actively supporting the adoption of new technologies to enhance security. It introduced passkeys in collaboration with the FIDO Alliance, Apple, and Microsoft. Passkeys are now fully supported across all Google Accounts, with the aim of making security seamless and effortless for users.

Google’s approach to authentication has evolved over the years. The Operation Aurora security breach in 2007 prompted a shift in their security strategy, leading to the adoption of the BeyondCorp model, which prioritizes identity and strong authentication within a zero-trust architecture. On the consumer side, Google released Google Authenticator in 2011, popularizing MFA and making it accessible to all Google Accounts. Recognizing the need for stronger protection against phishing attacks, Google developed security keys for its staff, effectively neutralizing password phishing attempts. This effort led to their collaboration with the FIDO Alliance and the establishment of WebAuthn and related standards.

Looking ahead, Google believes that continued innovation in authentication methods is crucial to ensuring user safety in the face of advancing technology. Google sees passkeys as a user-friendly, cost-effective, and approachable form of MFA and considers it to be their latest tool in enhancing security.

Google’s participation in the White House symposium demonstrates their commitment to working together with the public and private sectors to prioritize strong authentication methods. By sharing knowledge and expertise, they aim to create a safer digital environment for users.