In response to our report from last month, Google today announced its support for passwordless FIDO Sign-in standards and gave a sneak peek at how passkeys will work on Android and Chrome.
Due to people’s poor password hygiene (i.e., utilizing credentials across different services), vulnerability to data breaches, and phishing scams, Google has been striving to replace passwords for the past decade or so.
In honor of World Password Day, we are announcing today that all major device platforms have committed to incorporating support for passwordless FIDO Sign-in standards throughout the course of the upcoming year. We intend to add password-free functionality to Chrome and Android.
The new standards are also supported by Apple (iOS, macOS, Safari) and Microsoft (Windows, Edge), making it easier to sign in to devices, websites, and applications regardless of platform without using a separate password.
HOW ANDROID AND CHROME PASSKEYS WILL WORK Your Android phone will keep a passkey needed to access an internet account in its memory (in Google Chrome). You can sign into a website or app without typing a password by just unlocking your mobile device. Passkeys are transmitted when you obtain a new phone or if it ever gets lost after being linked to the cloud (Google Account).
Because it is based on public key cryptography and is only shown to your online account when you unlock your phone, the passkey makes signing in significantly more safe.
The first time you log in on a desktop computer, your phone must be nearby for authentication. After then, signing in only requires unlocking your computer.
In a world without passwords, your phone and Google Account will be crucial. We’ve been informed today that passkeys will function with Android 9 and newer-running devices, and we’ve already seen Google Play Services preparing support. In the interim, there will still be two levels/factors of security and authentication required to access your Google Account:
We may anticipate that Google Accounts will provide a login that powerfully combines something the user already owns and something they already know. Users can, for instance, utilize an unlock code from a previous device in place of a password. The item the user possesses may be a Security Key or their registered phone number (using new techniques beyond SMS).
Sampath Srinivas, President of the FIDO Alliance and PM Director of Secure Authentication at Google
Speaking of security keys, users who do not want to sign in using their phone will still have access to a phishing-resistant solution.
WHEN CAN PASSKEYS BE USED? World Password Day saw the announcement of this industry-wide support, with complete implementation by OS vendors, online services/websites, and apps anticipated in 2022 and 2023.
We are eager to see what the future of passkey holds. Despite this, we recognize that it will take some time before website and app developers can fully utilize this technology and make it available on everyone’s devices. As we make this shift, passwords will still play a role in our daily lives, so we’ll be working to make traditional sign-ins safer and simpler through our current products and ongoing innovation.
FTC: We employ automatically earning affiliate connections. More.
Check out 9to5Google on YouTube for more news:
