Google announced on Wednesday that the developers can now test Google Password Manager’s passkey support on Android and Chrome. Passkeys are designed as a safer alternative to passwords and traditional two-factor authentication methods. Google claims that passkeys cannot be reused, won’t leak in server breaches, and protect users from phishing attacks. Since passkeys have been developed using industry standards, they will offer a uniform user experience across Windows, macOS and iOS, and ChromeOS. The company expects to release a stable version of this feature later this year.
As mentioned earlier, Google has revealed that passkeys on Android and Chrome are currently only available to developers via Google Play Services beta and Chrome Canary. Normal users are expected to get this feature by the end of 2022.
Passkeys in the Google Password Manager are designed to work on different operating systems and browser ecosystems. They are compatible with both websites and applications, and feature a similar interface as to password autofill.
For end-users, passkeys will appear similar to using a password today. Furthermore, passkeys will always be end-to-end encrypted. Users will have to set up a screen lock via fingerprint, face, PIN, or pattern to prevent others from using passkeys even if they have access to a smartphone.
Passkeys will then be backed up and synced through the cloud to prevent users from getting locked out if they lose their devices. Recovering a passkey would require users to enter the screen PIN, password, or pattern of another device with access to the passkey encryption.
Google claims that the screen lock PINs, passwords, or patterns for the passkeys will be stored in secure hardware enclaves. However, Google or any other entity will not be able to read this data. If a malicious user fails to enter the correct information 10 or more times, the passkey will become unusable. However, the original user will still be able to recover it using an existing device.
The company has promised to deliver even more updates to Android in 2023 and plans to allow third-party authenticators to support passkeys.