Google has always taken security very seriously. This time around, the company has introduced a new passkey feature for Android devices and Chrome to offer additional security to users.
Instead of using passwords, users will now be able to use this option to authenticate their identity by using PINs or biometric authentication to log in to any website or app.
This, as per Google, is a safer option for users than the traditional two-factor authentication method.
“Passkeys” To be the new Password
In this year itself, other tech giants like Microsoft, Apple, and Google announced plans to offer a common passwordless sign-in option to users.
This sign in option is called as “Passkeys” and is developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.
Google is now all set to make it a reality.
The feature, which is currently only available for developers and Google, shall most probably be available to regular users later this year.
The company said that moving forward, any one will be able to create as well as use the passkeys on Android without worrying about syncing issues.
This is because of the Google Password Manager which will take care of it.
As per Google, it is important to back up to a cloud service when the user sets up a new Android device by transferring data from an older device, existing end-to-end encryption keys will securely get transferred to the new device, according to Google.
To test the new authentication standard for their Android apps, the developers can now enroll in the Google Play Services beta.
For end-users, the web admins can also build passkey support on their sites via the WebAuthn API, on Android and other supported platforms.
In the coming weeks or months, Google will also release an API for native Android apps, which will allow mobile applications to use web passkeys to log in.
By simply choosing a Google account and authenticating your identity using the registered fingerprint or face unlock, one an easily create a passkey and complete the process.
What is a Passkey?
Google says a “passkey is a cryptographic private key. In most cases, this private key lives only on the user’s own devices, such as laptops or mobile phones. When a passkey is created, only its corresponding public key is stored by the online service. During login, the service uses the public key to verify a signature from the private key. This can only come from one of the user’s devices. Additionally, the user is also required to unlock their device or credential store for this to happen, preventing sign-ins from e.g. a stolen phone.”
Comments are closed, but trackbacks and pingbacks are open.