As early adopters, Google Play Services Beta and Chrome Canary members already have access to the passkey functionality, according to a post on the Android Developers Blog. The feature, which will roll out to all users “later this year,” will automatically insert saved passwords when a user’s credentials are verified.

This beta launch enables two features, one for users and one for developers:

1. Users can create and use passkeys on Android devices, securely synced via Google Password Manager.
2. Developers can build passkey support on the web using Chrome, through the WebAuthn API, on Android and other platforms.

Passkeys Offers Stronger Security Measures, Better User Experience

Working like a password manager, passkeys enable autofill of the password form when a device is unlocked using biometric data such as facial recognition or fingerprints, PINs, or patterns. It offers a significant security upgrade over traditional SMS, app-based one-time passwords, or push-based approvals.

“Passkeys are a safer and more secure alternative to passwords. They also replace the need for traditional second-factor authentication methods,” Google said in a Security Blog earlier this week. “Passkeys use public-key cryptography so that breaches of users’ data service provider does not result in a compromise of passkey-protected accounts and relies on industry standard APIs and protocols to ensure they are not subject to phishing attacks.”

To create a passkey on an Android device, users will need to confirm that they want to create one and authenticate with their sign-in method. Passkeys are managed through Google Password Manager, where they are automatically backed up to the cloud to avoid lockouts in case of lost devices.

Tech Giants Collaborating on Passkey Standard

Passkeys have received industry-wide support and earlier this year, Microsoft, Apple, and Google announced extended support for the Fast Identity Online (FIDO) standard.

“In addition to facilitating a better user experience, the broad support of this standards-based approach will allow service providers to offer FIDO credentials without requiring passwords as an alternative way to sign in or recover an account,” the three tech providers said in a joint press release with the FIDO Alliance earlier this year.

Android-Native API Coming Later This Year

“Our next milestone in 2022 is an API for native Android apps,” Google said on the Developers Blog. “Passkeys created through the web API will work seamlessly with apps affiliated with the same domain and vice versa.”a

The Native API will allow users to choose to use either the passkey or their saved password. With a familiar user experience, the goal is to help users and developers seamlessly transition to passkeys.

Featured image: Shutterstock/Blue Andy