Microsoft, Apple, and Google announced plans to offer a common passwordless sign-in option to users. This option, called “passkeys,” was developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.
The feature is currently available only to developers, and Google is planning to offer the passkeys feature to regular users later this year. The company says users will be able to create and use passkeys on Android devices without worrying about syncing issues, because passkeys will be backed up to Google Password Manager. Backing up to a cloud service is important because when a user sets up a new Android device by transferring data from an older device, existing end-to-end encryption keys will be securely transferred to the new device, according to Google.
Developers can now enroll in the Google Play Services beta to test the new authentication standard for their Android apps. Web admins can also build passkey support into their sites for end users on Chrome via the WebAuthn API, on Android and other supported platforms. In the coming weeks or months, Google will also release an API for native Android apps, which will allow mobile applications to use web passkeys to log in.
You will be able to easily create a passkey on your Android phone by simply choosing a Google account and then authenticating your identity using the registered fingerprint or face unlock to complete the process.
Google says a “passkey is a cryptographic private key. In most cases, this private key lives only on the user's own devices, such as laptops or mobile phones. When a passkey is created, only its corresponding public key is stored by the online service. During login, the service uses the public key to verify a signature from the private key. This can only come from one of the user's devices. Additionally, the user is also required to unlock their device or credential store for this to happen, preventing sign-ins from e.g. a stolen phone.”