Apple, Google, Microsoft, and others in the industry want to replace website/app passwords with “passkeys” that just require you to unlock your device. Starting today, Android and Google Chrome will support signing in with passkeys.

Google equates the experience of using passkeys to existing password managers, like its own, where you just confirm your device passcode/fingerprint before saved credentials are automatically entered. Similarly, passkeys are securely backed up and synced to the Google Password Manager to “prevent lockouts in the case of device loss.”

Two features are being announced today for early adopters that enroll in the Google Play Services beta and use Chrome Canary, with a stable launch coming “later this year”:

  1. Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager.
  2. Developers can build passkey support on the web with Chrome, via the WebAuthn API, on Android and other platforms.

To create a passkey (1-2) on a compatible service, you confirm the passkey account information and then fingerprint, face, or passcode unlock your device. Similarly, logging in (3-4) just involves selecting the right account and unlocking your phone. 

If you want to use sign-in to a desktop/laptop with a passkey on your phone, this process involves scanning a QR code:

For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, a Chrome user on Windows can do the same using a passkey stored on their iOS device.

Besides the stable channel launch of these features, Google this year will also release an API for native Android apps so that web passkeys can be leveraged by mobile applications.

 Passkeys created through the web API will work seamlessly with apps that are affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey, if they have one, or a saved password. This shared experience for both types of users aids the transition to passkeys.

Moving forward, on Android front, third-party credential managers will be able to support passkeys for their users “next year.”

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com