Google on Wednesday announced support for passkeys, a safer and more secure alternative to passwords, on Android and Chrome. The feature is currently available for developers to test, with general availability following later this year.
Passkeys replace the need for traditional 2nd-factor authentication methods such as text messages, app-based one-time codes or push-based approvals. Based on industry standard APIs and protocols, passkeys are not subject to phishing attacks and can be used for both websites and apps.
“Google remains committed to a world where users can choose where their passwords, and now passkeys, are stored. Please stay tuned for more updates from us in the next year as we introduce changes to Android, enabling third-party credential managers to support passkeys for their users,” the company said.
With this announcement,
- Users can now create and use passkeys on Android devices, which are securely synced via the Google Password Manager.
- Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. They can enroll in the Google Play Services beta and use Chrome Canary.
To create a passkey:
- Confirm the passkey account information
- Present your fingerprint, face, or screen lock when prompted.
To create or use passkeys stored in the Google Password Manager a screen lock needs to be set up. This not prevents others from using a passkey even if they have access to the user’s device but is also necessary to facilitate end-to-end encryption and safe recovery in case you lost your device.
“Passkeys are the result of an industry-wide effort. They combine secure authentication standards created within the FIDO Alliance and the W3C Web Authentication working group with a common terminology and user experience across different platforms, recoverability against device loss, and a common integration path for developers. From the user’s point of view, using passkeys is very similar to using saved passwords, but with significantly better security,” Google explained in a blog post.