Security Affairs
US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Passwordless sign-in with passkeys is now available for Google accounts

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the […]

passwordless secure sign-in with Passkeys for Google Accounts

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms.

Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms.

Passwords are essential to protect services and data online, but when obtained by threat actors they can pose a risk to the users.

Despite the IT giant has implemented defenses like 2-Step Verification and Google Password Manager, it recognizes that to really address password issues, it is necessary to adopt passwordless solutions. This means that when a user signs into a website or app on his/her phone, he/she will simply unlock the phone without needing a password for the account anymore.

In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords. The day has come, and Google has begun rolling out support for passkeys across Google Accounts on all major platforms.

“passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan or a screen lock PIN. And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.” reads the announcement published by the company. “Over the past year we’ve shared updates on bringing passkey experiences to both Chrome and Android, which services like Docusign, KayakPayPalShopify and Yahoo! Japan have already deployed to streamline sign-in for their users. Starting today, this will be available as an option for Google Account users who want to try a passwordless sign-in experience.”

Passkeys are stored only on the users’ devices (PCs, smartphones, tablets), this means that to be used, it is simple enough to unlock the devices using a PIN or a screen lock biometrics (e.g. face recognition, fingerprints).

“When you use a passkey to sign in to your Google Account, it proves to Google that you have access to your device and are able to unlock it. Together, this means that passkeys protect you against phishing and any accidental mishandling that passwords are prone to, such as being reused or exposed in a data breach.” reads a post published by Google. “This is stronger protection than most 2SV (2FA/MFA) methods offer today, which is why we allow you to skip not only the password but also 2SV when you use a passkey.”

passwordless secure sign-in with Passkeys for Google Accounts

Google will maintain the other Google signing-in options, allowing users to log in to their accounts when they don’t have access to their devices.

Passkeys are securely synced to the cloud allowing users to replace the device used to generate them. Apple users that create a passkey on their iPhone, can use it on any other devices signed in to the same iCloud account.

“This protects you from being locked out of your account in case you lose your devices, and makes it easier for you to upgrade from one device to another.” continues the post. “If you want to sign in on a new device for the first time, or temporarily use someone else’s device, you can use a passkey stored on your phone to do so. On the new device, you’d just select the option to “use a passkey from another device” and follow the prompts. This does not automatically transfer the passkey to the new device, it only uses your phone’s screen lock and proximity to approve a one-time sign-in. If the new device supports storing its own passkeys, we will ask separately if you want to create one there.”

Users that want to start using passkeys on their personal Google Account can visit g.co/passkeys.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: 

https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)