Google introduces passkeys to Android and Chrome

Google aspires to permanently remove passwords from Android devices and the Chrome browser, starting tests with passkeys. The latter is already used by Apple on iOS and macOS devices to log into online accounts through facial recognition (Face ID) and fingerprint (Touch ID) biometric systems.

Passkeys are significantly more secure than passwords and other authentication methods that can be intercepted. They are not reused, do not leak from servers, and protect the user from phishing attacks. Passkeys are based on industry standards to work between different operating systems and web browsers, so they are used for logging into websites and applications.

For the end user, the use of passkeys will resemble that of a currently stored password, where they will simply confirm their identity through biometric identification (e.g. fingerprint) when they unlock their smartphone. Passkeys are stored and synchronized between users' devices (smartphones, tablets, computers) via the cloud (e.g. Google Password Manager, iCloud Keychain) so that you are not locked out of your accounts in case you lose one of your devices. In addition, users can use the passkeys stored on the smartphone to log in to apps and websites on other nearby devices.

Sign-in to a website on Android device via passkey

To create the passkey, two steps are required:

• Confirm account details
• Scan your fingerprint or face or enter your PIN when prompted

To enter the website is just as simple:

• Select the account
• Scan your fingerprint or face or enter your PIN when prompted

Sign-in to a website on a nearby computer using passkey from an Android device

You can use a passkey from the smartphone to enter a website on a nearby computer (e.g. the Safari browser on a Mac or the Chrome browser on a Mac and PC). A QR code is created which you scan with your smartphone and you enter the website directly without needing a password.