Yesterday, Wednesday, Google announced the introduction of Passkey technology to the Android system and Chrome browser, in a step aimed at solving the problem of security shortcomings suffered by the password technology currently in use.
For many years, password technology has been the basis of computer security, but it lacks the required level of security, after we witnessed many massive password leaks.
After the industry realized the need for an alternative to passwords, companies, including Google, began moving towards new technologies, such as (passkeys), that would allow users to use them on Android devices and other devices that use the Chrome web browser.
Google said in a post on its Android developer blog that passkeys are a more secure alternative to passwords and other phishable authentication factors.
The American tech giant explained that the strengths of the pass keys lie in not reusing them, and they cannot be leaked if the servers are breached, and then they are able to protect users from phishing attacks.
Google added that passkeys are built according to specific industry standards, support work across different operating systems and browsers, and can be used for both applications and websites.
Google shows passkeys
In its post, Google explained how passkeys work, stating that they follow familiar user experience patterns, much like the autocomplete feature for saved passwords, where the user is asked to confirm passkeys on devices through authentication factors used to lock the screen, such as: Pattern, or fingerprint.
The passkeys are then saved and synchronized on the user’s phones and computers through the cloud, with the aim of helping users protect themselves in case the device is lost. In addition, users can use passkeys stored on their phones to log into apps and websites on nearby devices, by scanning a QR (Quick Response Code) through their phone’s camera.
Google said in its post that the new announcement is important for two reasons, the first because it enables users to create and use passkeys on Android devices, which are securely synchronized through the Google Password Manager service, and the other is that it enables developers to support passkeys on their sites for end users using a browser Chrome via the WebAuthn API on Android and other supported platforms.
The company added that the next step is to launch an API for Android native apps with the aim of giving apps a standardized way to allow users to take a stored passkey or password. She hopes that this method will help users and developers to transition to the new passkey technology gradually.
