Google Chrome and Android are getting support for passkeys, a new security feature designed to replace traditional passwords, the company has revealed.
In a blog post (opens in new tab), Google said users will now be able to create and use passkeys on Android devices, which will be securely synchronized through the Google Password Manager (opens in new tab).
Developers, on the other hand, will be able to integrate passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android, and other supported platforms.
Eliminating weak passwords
Those eager to try the new features will need to enroll in the Google Play Services beta and use Chrome Canary. General availability on stable channels for both features is expected “later this year,” Google says, meaning we shouldn’t have too long to wait.
Passkeys were first announced by Apple in the summer of 2021, and were described by the company as a, “new way to make the web a safer place,” as weak and recycled passwords are considered one of the most common reasons for data breaches.
Passkeys use “powerful cryptographic techniques and the biometrics built into the device” to keep accounts safe, Adler explained, with users simply needing to use TouchID, or FaceID, to authenticate to a new web app, mobile app, or service in order to create a passkey.
Presenting the security key feature to the world at WWDC 2022, Apple’s VP for internet technologies, Darin Adler described Passkeys as a “next-gen credential that’s more secure, easier to use, and aims to replace passwords (opens in new tab) for good”.
Google seems to be on board with this assessment, with its announcement describes it as a “significantly safer replacement for passwords and other perishable authentication factors”.
The company says passkeys can’t be reused, don’t leak in server breaches, and protect users from phishing attacks. They’re built on industry standards, work across different operating systems and browser ecosystems, and can be used for both websites, and apps.
Google’s next milestone in this process is an API for native Android apps, coming later this year. Passkeys created through the web API “will work seamlessly” with apps affiliated with the same domain, the company added, suggesting that this move is a part of a larger transition. The native API will give apps a unified way to allow users to choose between a passkey and a saved password.
“Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys,” Google concluded.