In May 2022, three tech giants, Apple, Google and Microsoft, said they were planning to kill off the use of passwords across mobile, desktop and browsers, with “passkeys” as the replacement. Passkeys are backed by the three companies and the FIDO Alliance.
Apple implemented support in iOS 16, and now Google is bringing passkey support to both Android and Chrome.
Passkeys have been touted as a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys work across different operating systems and browser ecosystems, and can be used for both websites and apps.
According to Google in a blog post,
“Today’s announcement is a major milestone in our work with passkeys, and enables two key capabilities:
- Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager.
- Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms.”
Developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year.
How to sign in to a website on an Android device with a passkey
For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted.
Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted.
How to sign in to a website on a nearby computer with a passkey on an Android device
A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device.
Since passkeys are built on industry standards, this works across different platforms and browsers, including Windows, macOS, iOS and ChromeOS, with a uniform user experience.
Google says its next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. A seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.