Google has begun offering passkey support on Android and Chrome, following the path set by the agreement with Apple and Microsoft last May for Replacing the use of passwords in the consumer world of devices, web services, and applications.
Passkeys are an authentication system that has been used for years by Linux engineers (but not only), and they are used in place of passwords. The difficulty of bringing them into the consumer world stems from the lack of full support for common software and hardware capable of protecting keys with advanced biometric systems. These two conditions are now fulfilled thanks to A common standard created by the FIDO Alliance and an interoperability agreement between Apple, Google and Microsoft.
become device password
In the broad sense of the term, it is impossible to “copy” a passkey because, unlike a password, it is not a simple string of characters that can be lost or stolen and then reused, but is identified by a public key (a long string of characters) that exists on the domain where the user account resides The private key on the user’s device.
The public key is generated by the private key and can only be granted access if the latter is recognized; This is why being public does not limit the security of the authentication system. The private passkeys are then synchronized between the user’s devices using cloud environments, in the case of Apple iCloud Keychain, and Google via Password Manager.
It is important to specify that these cloud services will only be used as a “bridge” for key synchronization, You won’t be on it like passwords currently doOtherwise, you will lose the advantage of using passkeys.
Moreover, the interoperability between Apple, Google and Microsoft systems will be determined by the independence of the traffic portion from the usage platform. So, for example, a person who opens a site from a Windows computer will be able to access it without a password even if the private key for that account is stored on their iPad or iCloud account. In this case, to gain access, the QR code reading will be exploited by a device possessing this key.
We have written an in-depth article on how passkeys work.
How Passwordless Access Works That Will Revolutionize Security: Stop Account Theft or Phishing
Go to deepen
Creating and using Google passkeys will be very easy
For Google, with the announcement of passkey support, users can create and use passkeys on Android devices that are securely synced through Google Password Manager.
Developers can already build traffic support on their sites for end users using Chrome via the WebAuthn API, Android, and other platforms.
To do this they must pass through Google Play Service Beta and use chrome canarythe browser version for developers (and others) that uses new features. The actual deployment of the passkey system is scheduled for next year.
Google also explained in a simple way how to generate passkeys and access a site or service that you implement. For the end user, creating a passkey requires only two steps, which is to confirm the passkey account information and provide the fingerprint, face or screen lock code when prompted.
Logging in is quite simple, the user selects the account they want to log into and provides their fingerprint or face to identify it or a screen lock code when the system asks for it.
“Incurable internet trailblazer. Troublemaker. Explorer. Professional pop culture nerd.”