Google pushes passwordless authentication with biometric passkeys

Google announced Wednesday that it is bringing biometric passkeys to Android and Chrome devices.

Writing on the Android developers’ website, Google says passkeys are significantly safer and more secure than passwords and other phishable authentication factors.

Google says the biometric data used for authentication never leaves the user’s device and that passkey protocols prevent information shared with sites from being used for tracking.

Moreover, passkeys can also replace a password and a second factor in a single step, making the user experience as simple as auto-filling a password form.

“For the end-user, creating a passkey requires just two steps,” Google writes, “confirm the passkey account information and present their fingerprint, face or screen lock when prompted.”

Users with a passkey can sign into their account and present their fingerprint, face, or screen lock using phone sensors instead of inserting a password.

Google says that Chrome on Android stores passkeys in the password manager app, which synchronizes passkeys between Android devices that are signed into the same Google account.

A passkey on a phone can also be used to sign on to a nearby device, Google explains. “For example, an Android user can now sign into a passkey-enabled site using Safari on a Mac.”

Passkey support in Chrome means that a Chrome user, for instance, on Windows, can do the same using a passkey stored on their iOS device.

The company also confirmed that, since it uses industry standards, passkeys work across platforms and browsers, including Windows, macOS, iOS and ChromeOS.

Developers can enroll in Google’s Play Services beta and use Chrome Canary to start building apps enabling biometric passkeys. The features will be generally available on stable channels later this year.

“We have worked with others in the industry, including Apple and Microsoft, and members within the FIDO Alliance and the W3C to drive secure authentication standards for years. We have shipped support for W3C WebAuthn and FIDO standards since their inception,” Google writes.

“Google remains committed to a world where users can choose where their passwords, and now passkeys, are stored.”

Article Topics

Android  |  biometric authentication  |  biometrics  |  consumer adoption  |  Google  |  passkeys  |  passwordless authentication