Google said that users of Android and Chrome would soon be able to use passkeys to protect themselves from credential leaks and phishing attacks.
According to Microsoft, the passwords would be phased out across mobile, desktop, and browsers designed to replace passwords; instead, biometric verification will be used for authentication. They can be synced on multiple devices but cannot be reused and, unlike passwords, cannot be leaked, with “passkeys” being the replacement. The giants and the FIDO Alliance back passkeys.
Passwords, while convenient, are inherently flawed in how they can be abused. If someone gets your password, a single factor of authentication, they can often gain access to your online accounts. That’s why we have the likes of two-factor authentication, which combines something you know with something you have, such as your smartphone.
However, if you use something like an SMS code, someone could, in theory, spoof your phone number and take that code. It’s not totally secure, and there are multiple potential entry points for a would-be attacker. That’s why passkeys, which Google has announced it’s bringing to both Android and Google Chrome, are important.
Read also: Google unveils the new Chromecast
Key functionalities enabled by passkeys include:
- Users of Android devices can use the Google Password Manager to create and use passkeys that are securely synced.
- With the WebAuthn API, developers can add support for passkeys to their websites so that Chrome, Android, and other compatible devices can use them.
Developers may use Chrome Canary and sign up for the Google Play Services beta. Later this year, these functionalities will be broadly accessible via reliable channels.
How it works is simple on Android
This will turn your smartphone into a passkey that can be used to log in to a website. These passkeys are then synced through the Google Password Manager for easy access across your devices.
For the end user, creating a passkey requires just two steps:
- Validate the passkey account details.
- They can display their fingerprint, face, or screen lock when required.
Google Chrome will soon allow fingerprint authentication for incognito tabs
How to utilize an Android phone’s passkey on a nearby PC.
You may sign in to a nearby device using a passkey from your phone. For instance, an Android user may now sign in to a website that supports passkey using Safari on a Mac. That, Chrome’s passkey support enables users to perform the same actions using a passkey saved on an iOS device, such as while using Chrome on a Windows computer. Because passkeys follow industry standards, they offer the same user experience on Windows, macOS, iOS, and ChromeOS, among other operating systems and browsers.
Google claims that an API for native Android applications will be their next achievement in 2022. Apps associated with the same domain will function flawlessly with passkeys provided using the web API and vice versa. The native API will allow developers a uniform mechanism to let the user choose between a passkey and a stored password. Both passwords and passkeys have a smooth and easy-to-understand user experience, so users and developers can switch to passkeys gradually.