Android and Chrome begin supporting 'passkey', an authentication system that lets you securely log in to web services without a password using fingerprint or face authentication

On October 12, 2022, Google announced that Android and Chrome will support 'Passkey', an authentication system that uses fingerprint authentication and face authentication instead of passwords to log in to web services. By using a passwordless authentication system, users are protected from problems such as hacking and server information leakage.

Android Developers Blog: Bringing passkeys to Android & Chrome

Google Online Security Blog: Security of Passkeys in the Google Password Manager

Google starts rolling out passkey support for Android and Chrome

Google begins adding passkey support in Android and Chrome | Engadget

Passkey is a sign-in standard developed by the FIDO Alliance, an industry group aiming to standardize biometric authentication, and the World Wide Web Consortium (W3C), a web technology standardization body. Device FIDO Credentials) '.

With Passkey, users do not log in by entering a password; instead, they perform biometric authentication using elements that only the person has, such as a fingerprint or face. Passwords can be compromised through phishing attacks, server compromises, and other means, and can then be abused by malicious actors, but biometrics are immune to such hacks.

In May 2022, Apple, Google, and Microsoft agreed to expand the use of passkeys, and Apple has started supporting passkeys in iOS 16 released on September 13.

Apple, Google, and Microsoft agree to expand use of passwordless authentication system 'passkey' - GIGAZINE

And on October 12th, Google announced that Android and Chrome now support passkeys for developers to test. Arnar Birgisson, a software engineer at Google, said in the official security blog, ``Passkeys are a safer and more secure alternative to passwords. It will be an alternative to two-factor authentication for .

To create a passkey, users first confirm their web service account ID and password, and then register their fingerprint, face, or screen lock unlock code when prompted.

To sign in to a web service, select the account you want to use and, when prompted, simply authenticate with your fingerprint, face, or screen lock unlock code. No complicated settings are required, and you can use it like an existing password manager. The passkey uses an encrypted private key that exists only on devices such as smartphones, and when logging in, the signature is verified with the public key stored by the web service.

Passkeys are backed up and synced with Google Password Manager, so passkeys can be shared across multiple Android devices using the same Google account. This is convenient not only when owning multiple devices or switching between them, but also for recovering access when a device is lost.

And since passkeys are an industry-wide initiative, passkeys registered on an Android device can also be used to log in on other devices, such as Macs and Windows PCs. Similarly, you can log in to web services from Chrome using passkeys stored on your iOS device. This process may require scanning a QR code.

Developers can download the beta version of Google Play Services and test implementing passkeys in their apps. Google also plans, in 2022, to expand passkey support on stable channels and release an API for native Android apps.

in Web Service,   Hardware,   Security, Posted by log1h_ik