Skip to Content

Google Adds Passkey Support to Chrome and Android

Updated on 2022-10-12

Google has added passkey support to Chrome and Android as of Wednesday, October 12. Currently, two capabilities are in beta: “Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager, [and] developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms.”

Note

  • More progress away from reusable passwords is always a good thing. Password manager software products such as Dashlane have added passkey support, as well. VPN/remote access providers should accelerate rolling out standards-based passkey support as should all of the platform as a service providers (such as in healthcare and retail) to make broad adoption happen faster
  • Passkey is what most vendors are calling the FIDO based implementation of strong (or phishing resistant) MFA. Apple has already announced something similar, with Microsoft and other big vendors supporting the solution soon (if not already). This solution replaces traditional passwords and other versions of MFA with a public-key cryptography /biometric solution. While the backend technology can be quite complex, it greatly simplifies authentication for people as there are no passwords to manage, people simply authenticate via biometrics. To help me better understand all of this, I forced myself to write a blog explaining in very simple terms passkeys / phishing resistant MFA.
    www.sans.org: What is Phishing Resistant MFA?
  • As a transition to passwordless, these passkeys are essentially the public key that is verified by unlocking the private key on your device (e.g., android) using biometric authentication. Google is making these cross-platform and encouraging developers to include support for passkeys in applications to raise the bar on “standard” logins.
  • I have concerns around passkey and it’s Apple equivalent. The concern isn’t the technology per-se, it’s the extreme lock in. Say you have several hundred passkeys. How easy would it be to migrate between systems? Do developers have to keep adding more and more identity provider integrations?
  • The excuses for the continued use of passwords are fast disappearing even as their contribution to breaches persists.

Read more in

Overview

Google has added support for passkeys in Chrome Desktop and Chrome Android, along with the Google Password Manager. Read more: Security of Passkeys in the Google Password Manager

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on pupuweb.com