‘Password’ quickly becomes a bad word
Logging into accounts sucks. Password resets, two-factor prompts, hackers breaking into databases – who needs the annoyance? This is exactly why we’ve been so excited in recent months, after Google said a brave new passwordless future was coming to Android and Chrome. Cryptographically signed passkeys stored on your phone give you secure and easy access to your favorite services – and it all starts today.
ANDROIDPOLICE VIDEO OF THE DAY
The idea of accessing your accounts without explicitly entering your credentials may sound like something somewhere between bizarre and just plain bad idea, but if you really think about it and look at what Google implements, it is. not that far from how we already deal with stored passwords.
At the heart of this concept is the idea of a “password” – a digital document that links your personal information to a particular service, securely signed through a chain of trust and stored on a device such as your phone. And like other data you keep safe on your phone, you can access it with handy biometrics like a fingerprint — which is a lot easier and more secure than typing a password.
Android is getting support for passkeys through Google Password Manager, keeping them in sync with your hardware – this is all end-to-end encrypted, so even if Google coordinates the distribution of your passkeys, it won’t be able to access and use them in your bills.
The initial support is largely based on accessing web services, and in addition to using passkeys on your phone to streamline access on mobile devices, you can also use them to connect on a desktop: Chrome on your PC can use a QR display a code for a service, which you then scan with your phone and authorize the access code. Next, Google is working on giving developers access to an Android API to support native passwords, which will be released sometime later this year.
There’s still a lot of work to be done before this even feels somewhat mainstream: apps and websites need updating, third-party password managers need to prepare for this turnaround, and users need to be educated about these new interactions. But with the promises of more robust mobile security and just less headaches for all things authentication, we’re really excited to see this endeavor finally take off.