/
Google’s Credential Manager API rollout should encourage more Android apps to support passwordless login with passkeys.
By Wes Davis, a weekend editor who covers the latest in tech and entertainment. He has written news, reviews, and more as a tech journalist since 2020.
Oct 29, 2023, 4:01 PM UTC|
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/24007892/acastro_STK112_android_01.jpg)
Illustration by Alex Castro / The Verge
Android apps are about to get better built-in passkey support. Google announced in a developer blog post last week that Credential Manager, a new Android-specific API for storing credentials like username and password combinations and passkeys, is going public on November 1st. Credential Manager, which has been in developer preview for months, houses biometric authentication of passkeys, traditional passwords, and federated identity login under one roof in Android phones.
Ultimately, the change should allow apps to offer better authentication support in Android 14. Using Credential Manager, apps can offer users easy biometric logins through passkeys. That should mean a more friction-free sign-in experience since people who use that method wouldn’t have to worry about keeping login information in their heads. Third-party password managers like 1Password can also integrate the API for a more streamlined experience when defaulting to such an alternative instead of Google Password Manager.
Google explained why it’s pushing for passkeys in Android at Google I/O this year.
Google wrote in another blog post last week that it’s deprecating several authentication APIs so that developers will only have to call on the Credential Manager for authenticating users. Hopefully, that should make it much simpler and, therefore, much more likely to be used by third-party apps, as others, like WhatsApp and Uber, have already done.
What are passkeys?
Passkeys can replace traditional passwords with your device’s own authentication methods. That way, you can sign in to Gmail, PayPal, or iCloud just by activating Face ID on your iPhone, your Android phone’s fingerprint sensor, or with Windows Hello on a PC.
Built on WebAuthn (or Web Authentication) tech, two different keys are generated when you create a passkey: one stored by the website or service where your account is and a private key stored on the device you use to verify your identity.
Of course, if passkeys are stored on your device, what happens if it gets broken or lost? Since passkeys work across multiple devices, you may have a backup available. Many services that support passkeys will also reauthenticate to your phone number or email address or to a hardware security key, if you have one.
Apple’s and Google’s password vaults already support passkeys, and so do password managers like 1Password and Dashlane. 1Password has also created an online directory listing services that allow users to sign in using a passkey.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Verge – https://www.theverge.com/2023/10/29/23937095/android-14-passkey-support-credential-manager-api-third-party-apps
