Google announced today that it’s introducing passkey support to its Chrome web browser and the Android operating system to simplify sign-ins across apps, websites, and devices.
“Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks,” Google said today.
Passkey support for developers on Android and Chrome will enable key capabilities towards cross-platform passwordless logins, including:
- allowing users to create and use passkeys on Android devices (securely synced through the Google Password Manager)
- enabling developers to add passkey support on their websites with Chrome using the WebAuthn API, on Android and other platforms.
Passkeys are securely backed up and synced to the cloud to prevent lockouts if the device they were generated on is lost, and they can be used for signing into websites on an Android device or for signing into websites on another device using an Android phone.
Since they’re built on industry standards, this works across different platforms and browsers, including Windows, macOS, iOS, and ChromeOS, with the same user experience.
Developers can try this today by enrolling in the Google Play Services beta and using Chrome Canary. The new features will roll out to stable channels later this year.
“Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps that are affiliated with the same domain, and vice versa,” Google added.
“The native API will give apps a unified way to let the user pick either a passkey, if they have one, or a saved password. This shared experience for both types of users aids the transition to passkeys.”
Passwordless sign-in push
Today’s announcement is part of a broader effort to speed up the adoption of passkeys. It follows a May announcement of plans to support them as a common passwordless sign-in standard developed by the FIDO Alliance and the World Wide Web Consortium (W3C).
Microsoft and Apple also pledged their support for passkeys in May, which means that once implemented, these new Web Authentication (WebAuthn) credentials (aka FIDO credentials) will allow the three tech giants’ users to log in to their accounts without using passwords.
“To sign into a website on your computer, you’ll just need your phone nearby and you’ll simply be prompted to unlock it for access,” Sampath Srinivas, Google PM Director for Secure Authentication, said at the time.
“Even if you lose your phone, your passkeys will securely sync to your new phone from cloud backup, allowing you to pick up right where your old device left off.”
The new capabilities will likely become available across leading platforms, devices, websites, and apps operated by Google, Microsoft, and Apple over the coming year.
Moving away from signing into accounts using passwords will make the web more secure, since passwords are currently the most common point of entry used by attackers when attempting to hijack online identities.