In May of this year, Apple, Google, and Microsoft announced plans to provide passwordless sign-in options to users. This is known as Passkeys, which is an industry standard for removing passwords for internet authentication. This technology was developed by the World Wide Web Consortium (W3C) and the FIDO Alliance. Now, Google is taking steps to make it a reality.
Google has launched a beta version of its passkey feature for Android devices and Chrome in order to provide users with additional security. Rather than a password, people will soon be able to authenticate their identity using their PIN or biometric data. Google says, this is a safer option than two-factor authentication in the traditional sense.
Sampath Srinivas, Google’s director of product management for secure authentication, revealed in May that to log into a website on your computer, all you need is your phone nearby; you will simply need to unlock it to gain access. As soon as you have finished, you will no longer need to sign in with your phone; you will only need to unlock your computer.
Google says, “A passkey is a cryptographic private key. In most cases, this private key lives only on the user’s own devices, such as laptops or mobile phones. When a passkey is created, only its corresponding public key is stored by the online service. During login, the service uses the public key to verify a signature from the private key, This can only come from one of the user’s devices. Additionally, the user is also required to unlock their device or credential store for this to happen, preventing sign-ins from e.g a stolen phone.”
As of now, passkeys are only available for developers, but later this year, it will be available to regular users as well. According to the company, one will be able to create and use passkeys on Android devices without having to worry about syncing issues, as they will be backed up to Google Password Manager. Using a cloud service is essential because when a user sets up a new Android device by transferring data from an older one, existing end-to-end encryption keys are securely transferred to the new device.
On Android devices, users can now generate and utilize passkeys. Developers can now enroll in the Google Play Services beta program to test the enhanced authentication standard for their Android applications. Web admins can also build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. Google will release a web passkey API for native Android apps in the coming weeks or months.
How to Create A Passkey?
Creating a passkey on Android devices is as simple as choosing a Google account and confirming your fingerprint or face unlock to complete the process.