Google has added passkeys support to both Android and Chrome as of today.
Passkeys are a much safer alternative to passwords and other perishable authentication elements. They are non-reusable, do not leak in server breaches, and protect users from phishing assaults. Passkeys are built on industry standards, function across several operating systems, and may be used for both websites and apps.
Passkeys adhere to well-known UX conventions and improve on the existing experience of password autofill. Using one is comparable to using a stored password today, in that users merely authenticate using their existing device screen lock, such as their fingerprint. Passkeys on users’ phones and PCs are backed up and synchronised through the cloud to avoid lockouts. of device failure, Users may also utilise passcodes saved on their phone to login into apps and websites on other nearby devices.
[expander_maker id=”2″ more=”Read more” less=”Read less”]
On Android devices, users may generate and utilise passkeys that are securely synchronised using the Google Password Manager.
Passkey support may be added to websites for end users using Chrome’s WebAuthn API, as well as Android and other compatible devices.
Developers may test this now by enrolling in the Google Play Services beta and using Chrome Canary. Later this year, these functionalities will be broadly accessible on stable channels.
In 2022, we plan to release an API for native Android apps. Passkeys generated using the web API will function flawlessly with apps from the same domain, and vice versa. The native API will provide apps with a uniform approach to allow users to select between a passkey or a stored password. A consistent, familiar user experience for both passwords and passkeys aids users and developers in slowly transitioning to passkeys.
Using a passkey to sign in to a website on an Android device
The end user just has to do two things to create a passkey: (1) validate the passkey account details, and (2) when required, display their fingerprint, face, or screen lock.
Checking in is just as simple: (1) the user picks the account to which they wish to sign in, and (2) when requested, they provide their fingerprint, face, or screen lock.
Signing in to a website on a nearby computer using an Android cellphone and a passkey
A phone passkey can also be used to sign in to another device nearby. For example, an Android user may now use Safari on a Mac to sign in to a passkey-enabled website. Passkey support in Chrome, on the other hand, implies that a Chrome user, for example, on Windows, may perform the same thing using a passkey stored on their iOS device.
Because passkeys are built on industry standards, they function on a variety of systems and browsers, including Windows, macOS, and iOS & ChromeOS, with the same user interface.
They will continue to contribute to a password-free future
For years, we have collaborated with others in the industry, including Apple and Microsoft, as well as members of the FIDO Alliance and the W3C, to promote safe authentication standards. Since its introduction, we have released support for the W3C Webauthn and FIDO standards.
Today marks another significant milestone, but our job is far from over. Google is dedicated to a world in which users have control over where their passwords and, now, passkeys are stored.
Please stay tuned for additional updates from us over the next year as we make modifications to Android that will allow third-party credential managers to enable passkeys for their users.