Paskey support by Google for Android, Chrome
According to a post on the Android Developers Blog, Google Play Services Beta and Chrome Canary members now have access to passkey capabilities as early adopters. When a user’s credentials are validated, the feature, which will be available to all users “later this year,” will automatically insert saved passwords.
Two features are available with this beta launch, one for users and one for developers. On Android devices, users can generate and utilise passkeys that are securely synchronised through the Google Password Manager. Additionally, via the WebAuthn API, developers can add passkey functionality to Chrome, Android, and other platforms.
Passkeys enable password form autofill after a device is opened using biometric information such as facial recognition or fingerprints, PIN, or pattern. They function similarly to a password manager. Compared to conventional SMS, app-based one-time passwords, or push-based approvals, this significantly improves security.
Passkeys are a more reliable and secure password substitute. They also eliminate the requirement for conventional second-factor authentication techniques, according to Google’s Security Blog post from earlier this week.
Passkeys are built on industry-standard APIs and protocols to prevent phishing attempts, and they use public-key cryptography to prevent passkey-protected accounts from being compromised in the event that service providers’ data is compromised.
Users will need to affirm their desire to create a passkey and authenticate using their sign-in method in order to create one on an Android device. In order to avoid lockouts in the event of lost devices, passkeys are maintained through Google Password Manager, where they will be automatically backed up to the cloud.
The Fast Identity Online (FIDO) standard has extended support from Microsoft, Apple, and Google, while Passkeys have received widespread industry backing.
The three tech companies stated in a joint press release with the FIDO Alliance earlier this year that “along with facilitating a better user experience, the broad support of this standards-based approach will enable service providers to offer FIDO credentials without the need for passwords as an alternative sign-in or account recovery method.”
Google stated in the Developers Blog that an API for native Android apps will be “our next milestone in 2022.” “Apps linked with the same domain and vice versa will function flawlessly with passkeys created through the web API.” a
Users will have the option of using their saved password or a passkey when using the native API. The objective is to aid users and developers in a seamless transition to passkeys by providing a familiar user experience.