Google today announced a new feature that will soon open the door for Android phone owners to sign in with their favorite apps without using a password.
An experimental Google feature called Credential Manager is a software interface for application developers to integrate into their applications to allow new accounts to be signed in or existing accounts to be signed in without requiring user input. Use any password, which is more secure than traditional passwords.
Credential Manager in Android is based on the Passkeys standard which is jointly developed and supported by major technology companies such as Apple, Google and Microsoft.
Passkeys are a new technology that allows users to create accounts and log in without requiring a password. Instead, when a user logs into a website or application for the first time, two security keys are generated to log the user into the website or application. The first is a private key, which is stored on the user's device and is not shared with third parties, and a public key that is sent to the server of the visited website. During login, the public and private keys are used to verify the identity of the user.
The public and private keys are mathematically linked, allowing the server to verify the identity of the user without sending the private key over the Internet. The public key stored on the server is of no value to any potential hacker if it can be obtained. Both keys are generated automatically and the user does not need to know or remember them.
This process is handled by what is known as an authenticator, which could be the user's phone or a password manager app. Authentication rights can be protected with a master password or biometric security methods such as fingerprints or target photos.
Google's announcement today aims to bring this technology to Android users along with additional features that make browsing websites safer. Credential Manager stores multiple user logins, whether passwords or access keys, and unifies them into a single login interface, allowing users to log in without additional steps.
Apple was the first company to support the Passkeys standard when it announced the feature in the iOS 16 update last September, and then announced support for the feature on Macs running macOS Ventura. Apple stores the keys in an encrypted form on the iCloud service, which allows them to be synchronized across the company's various devices. Several popular password managers have also announced support for the new standard, including Dashlane and 1Password.
It should be noted that Google supported the standard in the desktop version of Chrome last December. While Android support for the standard is still in its infancy, it will take time for apps to adopt it.