Both Google Chrome and Android support security keys, a new security feature designed to replace traditional passwords, the company revealed.
In a blog post (opens in a new tab), Google said that users will now be able to create and use passwords on Android devices, which will be securely synced through Google Password Manager (opens in a new tab ) .
Developers, on the other hand, will be able to build access key support into their sites for end users using Chrome via the WebAuthn API, on Android and other supported platforms.
Eliminate weak passwords
Those who want to try out the new features will need to sign up for the Google Play Services beta and use Chrome Canary. General availability on stable channels for both features is expected "later this year," Google says, which means we shouldn't have to wait too long.
Security keys were first announced by Apple in the summer of 2021 and described by the company as a "new way to make the web a safer place" because recycled and weak passwords are considered one of the most common reasons of data breaches.
The access keys use "strong cryptographic techniques and on-device biometrics" to keep accounts secure, Adler explained, and users simply need to use TouchID or FaceID to authenticate to a new web app, mobile app or service to create a master key. .
Introducing the Passkey feature to the world at WWDC 2022, Apple's Vice President of Internet Technologies, Darin Adler, described Passkeys as a "next-generation credential that's more secure, easier to use, and aimed at replacing passwords (opens in a new tab) forever". ”.
Google seems to agree with this assessment, its announcement describing it as a "significantly more secure replacement for passwords and other perishable authentication factors."
The company claims that access keys cannot be reused, are not leaked in server breaches, and protect users from phishing attacks. They are based on industry standards, work across different operating systems and browser ecosystems, and can be used for both websites and apps.
Google's next step in this process is an API for native Android apps, coming later this year. Access keys created through the Web API "will work seamlessly" with apps affiliated with the same domain, the company added, suggesting the move is part of a larger transition. The native API will give apps a unified way to let users choose between a password and a saved password.
"A smooth and familiar user experience for passwords and passcodes helps users and developers make a smooth transition to passcodes," Google concluded.