The past, present and future of authentication

We were pleased to take part in the Biden Administration’s symposium today focused on multi-factor authentication (MFA), continuing the industry’s ongoing efforts to strengthen authentication for online security.

Today, we’re happy to report that more than 70% of Google Accounts, owned by people regularly using our products, automatically benefit from second factor authentication that confirms their identity when a suspicious sign-in is detected. For users who want more control, we offer the ability to add MFA to every sign-in, and for high risk users, we offer our Advanced Protection Program.

Supporting MFA for critical systems is one of the most effective ways to reduce the risk of significant cyber incidents. Citizens rely on online services from governments and private organizations to do things like manage their retirement benefits, pay their utility bills and handle other tasks requiring personal information. Authentication is at the heart of ensuring the right people — and only the right people — can access such critical services. Traditional forms of authentication, like passwords, have proven to be hard to use securely or administer safely. Google has long supported the industry's attempt to advance security using new technologies. That’s why we introduced passkeys — alongside the FIDO Alliance, Apple, and Microsoft — and we officially rolled out support for passkeys across Google Accounts. We're committed to taking the burden of security off users and organizations by building all of our products to be secure by default.

Looking back at our authentication history

Nearly 15 years ago, Operation Aurora completely changed the way we approach security at Google. We moved to a new enterprise security model, BeyondCorp, that prioritized identity and strong authentication as foundational to our zero-trust architecture. On the consumer side, we popularized MFA by releasing Google Authenticator in 2011 and offering MFA for all Google Accounts. Simultaneously, we realized the need for stronger phishing-resistant technologies, resulting in the development and broad deployment of security keys for Google staff which neutralized password phishing. In 2013, we joined the FIDO Alliance to standardize and expand the work we’d done with security keys, leading to WebAuthn and related standards.

Looking ahead

Continued innovation in the authentication space is how we keep users safe as technology progresses. Passkeys, a more user-friendly, cost-effective and approachable form of MFA, are our latest tool.

We were happy to take part in today’s White House symposium, and welcome more opportunities for the public and private sectors to discuss the importance of strong authentication methods together.