As early adopters, Google Play Services Beta and Chrome Canary members now have access to passkey functionality, according to a post on the Android Developers Blog. The feature, which will roll out to all users “later this year,” will automatically enter saved passwords when a user’s credentials are verified.
This beta launch enables two features, one for users and one for developers:
- Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager.
- Developers can build passkey support on the web with Chrome, via the WebAuthn API, on Android and other platforms.
Passkeys Offer Stronger Security Measures, Better User Experiences
Operating like a password manager, passkeys enable password form autofill once a device is unlocked using biometric data like facial recognition or fingerprints, PIN, or pattern. This offers a significant security upgrade over traditional SMS, app-based one-time passwords, or push-based approvals.
“Passkeys are a safer and more secure alternative to passwords. They also replace the need for traditional second-factor authentication methods,” Google said in a Security Blog earlier this week. “Passkeys use public-key cryptography so that data breaches of service providers don’t result in a compromise of passkey-protected accounts and are based on industry-standard APIs and protocols to ensure they are not subject to phishing attacks.”
To create a passkey on an Android device, users will need to confirm they wish to create one and authenticate with their sign-in method. Passkeys are managed through Google Password Manager, where they’ll be automatically backed up to the cloud to prevent lockouts in case of lost devices.
Tech Giants Working Together on Passkey Standard
Passkeys have received industry-wide support and earlier this year, Microsoft, Apple, and Google announced extended support for the Fast Identity Online (FIDO) standard.
“In addition to facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without needing passwords as an alternative sign-in or account recovery method,” the three tech providers said in a joint press release with the FIDO Alliance earlier this year.
Android-Native API Coming Later This Year
“Our next milestone in 2022 will be an API for native Android apps,” Google said in the Developers Blog. “Passkeys created through the web API will work seamlessly with apps affiliated with the same domain and vice versa.”a
Native API will allow users to choose to use either a passkey or their saved password. Using a familiar user experience, the goal is to help users and developers seamlessly transition to passkeys.
Featured image: Shutterstock/Blue Andy