Google has announced that they are taking another step towards passwordless logins by rolling out support for passkey logins to Android and Chrome. Passkeys let you use your phone or computer’s built-in authentication systems instead of traditional passwords. All of the major tech companies including Apple, Google and Microsoft are pledging to bring this feature to their operating systems.

Passkeys are credentials stored on a device like your phone or computer, that confirms to a website or application that you are who you say you are. They’re a way to verify your identity to the devices, which can then securely log you in to sites and services you use without having to rely on passwords that could potentially be stolen.

A passkey can’t be stolen in the same way that a password can. Because passkeys rely on access to a physical device, they combine the security of hardware two-factor authentication with the familiarity of smartphone use.

This feature is mostly for early adopters right now, as the stable launch is set for later this year and will allow users to sign on to sites and apps with their device’s fingerprint reader or other authentication factors – without the use of a password.

Because all platforms are beginning to support passkeys, developers have the incentive to make sure the passkeys actually work before the features are made available to everyone.

Web developers can build support for passkey login on sites they operate by using WebAuthn API and testing on the Chrome Canary browser or the Google Play Services beta program. The feature has already been rolled out for testing on Android.

Android passkeys are stored locally on the phone, but are also backed up on the cloud in case the device is lost or stolen.

When you log in with a passkey, you’ll be prompted to select which account you want to log in with. After you choose, you’ll then be asked to either scan your fingerprint, or otherwise authenticate yourself, as shown in the images.

A significant aspect of the passkey system is its cross-platform compatibility. A passkey that is saved on a phone can be used to authorize a login on another nearby device – meaning a user on an Android phone can sign in to a website on a Mac that supports passkeys. To accomplish this, a user can scan a QR code in a pop-up shown on the desktop site, and confirm on the phone that the passkey option should be used.

Users have this ability because passkey technology is built on shared industry standards known as FIDO2 and Web Authentication Level 3 rather than the technology being proprietary.

Although passkeys aren’t wide in use yet, they are scheduled to roll out to the major platforms later this year and into next. There are a few sites and apps that are currently using passkeys, such as Dropbox and Best Buy, however it is not the default log in option.

Google is optimistic about a passwordless future. A future update will bring changes to Android that will allow third-party credential managers such as LastPass to support passkeys for their users.

Story via The Verge