It’s now official: “Passkey” has been available since Wednesday, October 12, 2022 for Android devices.
Users of the Google Chrome browser are also affected
Farewell small (rather very long) password?
In the wake of Apple and in the midst of cybersecurity month, Google has rolled out “access keys” for its Android operating system and its Google Chrome browser. The objectives around the Passkey, announced jointly by Apple, Google and Microsoft around the standards of the FIDO Alliance, are to make it possible to gain in cybersecurity at an individual level. We are not going to repeat the topo on the need to change passwords for each service and choose one that is quite complex, you are starting to know the song.
Nevertheless, a major weakness remains, and one cannot always avoid it despite increased vigilance: phishing. With the access keys, Google therefore hopes to overcome this problem. On the blog Android-Developers was published an article jointly signed by Diego Zavala, Android Product Manager and Christiaan Brand, Account and Security Product Manager. For them, the deployment of access keys is advantageous because they ” cannot be reused, do not leak into server loopholes, and protect users against phishing attacks
“.
Concretely, the access key being individual and unique for each service with which authentication is desired, the revolution will not be major on a daily basis for the users of this service. Indeed, the confirmation of the access key by a password or even by the use of biometric data is not so different from the usual method of multi-factor authentication.
A multi-support service thanks to the use of common standards
Adoption will be all the easier since synchronization between the different Android devices of the same person is already possible, to prevent an access key from only working from one personal smartphone, and not on the one dedicated to professional life for example. This is enabled by the use of Google’s password manager.
On the developer side, the WebAuthn API allows them to create support for generating access keys for Internet users using Chrome from Android, and other supported platforms. The API for native Android applications should arrive before the end of the current year.
For now, thanks to the use of the same standards for access keys, a person can therefore use them under ChromeOS, macOS, Windows or iOS. Connecting from Chrome on your iPhone or on your Windows computer is therefore (already) possible. So, are you going to use access keys?
Sources: Android Developers Blog, The Hacker News
2