Posts: 757 +29
Why it matters: Tech companies have been searching for an alternative to passwords for a while. Google, Microsoft, and Apple are cooperating on unified standards to let users turn devices into authentication keys for websites and apps across macOS, iOS, Android, Windows, and various web browsers.
Google is bringing passkey support to Android and Chrome starting Wednesday. Android devices can now log users into services on macOS or Windows computers without passwords.
Passwords have been the default login tool for decades, but their various flaws become increasingly apparent with each passing year. Users struggle to invent and remember good passwords, instead using easily guessable ones. Severs store passwords under security of varying quality, and hackers routinely breach them. Even password managers – a good method of creating and storing secure passwords – aren't immune to data breaches.
In May, Microsoft, Google, and Apple pledged to work with the FIDO Alliance towards new login methods that circumvent the flaws of passwords and work across different platforms. Passkeys are the result.
After generating a passkey, a user can unlock a device like a smartphone or a tablet with biometrics and use it to log in to compatible websites and apps on computers. Servers don't store passkeys, so they can't leak – they remain solely on users' devices and sync across devices through the cloud. The requirement for local authentication also lessens the risk of phishing.
Apple made its contribution to the initiative in June. iPhones running iOS 16 can use Touch ID or Face ID to sign users into websites in Safari or apps on macOS Ventura. The passkeys can sync between devices using iCloud Keychain with end-to-end encryption. iPhones can also sign into services on Windows by scanning QR codes.
With this week's announcement, users can create passkeys with biometrics on Android devices to log into services on Chrome, Windows, macOS, iOS, and ChromeOS. Similar to how Apple stores passkeys on iCloud Keychain, Google stores them in Google Password Manager.
Web developers can also now set up passkey support through Chrome with the WebAuthn API. The feature has entered beta through Google Play Services and Chrome Canary and will reach stable channels later this year. Sometime this year, Google also wants to bring native Android apps into the passkey ecosystem.