Signing in to accounts is a pain. Who needs the annoyance of password resets, two-factor authentication, and hackers breaching databases? This is why we’ve been so excited in recent months, ever since Google announced that a brave new passwordless future was on its way to Android and Chrome. You’ll be able to securely and easily access your favorite services thanks to cryptographically signed passkeys stored on your phone — and it all starts today.
The concept of being able to access your accounts without explicitly entering your credentials may seem somewhat bizarre, but when you consider what Google is doing, it’s not that different from how we currently handle saved passwords. At the heart of this concept is the “passkey”: a digital record linking your personal information with a specific service, securely signed via a chain of trust, and kept on a device like your phone. And just like other information you store securely on your phone, you can access it using practical biometrics like a fingerprint, which is much quicker and more secure than entering a password.
Google is rolling out end-to-end encrypted passkey support for Android. Passkeys will be synced across devices and services via the Google Password Manager. The company is working on giving developers access to an Android API for native support, due to arrive later this year.
Before any of this feels remotely mainstream, a lot of work needs to be done, including updating websites and apps, preparing third-party password managers for this major shift, and educating users about these new interactions. But we’re thrilled to see this project finally starting to move forward because it holds the promise of more effective mobile security and simply less of a headache for all things authentication-related.