Google has started testing, on Android and Chrome, the passwordless online authentication protocol developed by the FIDO Alliance of technology companies and the World Wide Web Consortium. The protocol should provide access to the company’s services and, in the future, to third-party resources without the need to enter a password.
Users will be able to select their smartphone or computer as the primary authentication device. After that, they will be able to sign in to applications, websites and other digital services with a biometric scan or by entering the PIN code of the mobile device, says SearchEngines.
The security of this authentication process will be provided by a unique cryptographic passkey token that is transferred between the user’s device and the website. The keys are asymmetric, so a site holds only one part of the key pair. This means that if attackers gain access to that part of the token as a result of a site hack, there will be no threat to users. According to the developers, this technology provides reliable protection against phishing and hacker attacks, since passkeys cannot be intercepted or reused.
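The properties described above can be seen in a simplified challenge-response sketch. This is an added example, not code from Google, FIDO or the WebAuthn specification: the signed message is reduced to `origin|challenge`, and `createPasskey`, `RelyingParty`, the user name and the `.test` origins are constructed for illustration.

```javascript
// Simplified passkey-style login. Real WebAuthn signs
// authenticatorData || SHA-256(clientDataJSON); this keeps only origin and challenge.
const nodeCrypto = require('crypto');

// Authenticator (user's device): the private key never leaves this closure.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only part registered with the site
    sign: (origin, challenge) =>
      nodeCrypto.sign('sha256', Buffer.from(`${origin}|${challenge}`), privateKey),
  };
}

// Relying party (website): stores public keys and issues single-use challenges.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public key (all a site breach can leak)
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('base64url');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const key = this.publicKeys.get(user);
    if (!challenge || !key) return false; // unknown user or challenge already consumed
    this.pending.delete(user);            // each challenge is accepted at most once
    return nodeCrypto.verify('sha256', Buffer.from(`${this.origin}|${challenge}`), key, signature);
  }
}

function demo() {
  const site = new RelyingParty('https://example.test'); // constructed origin
  const passkey = createPasskey();
  site.register('alice', passkey.publicKey);
  const sig = passkey.sign('https://example.test', site.newChallenge('alice'));
  const login = site.verify('alice', sig);
  const replaySameChallenge = site.verify('alice', sig); // challenge already used
  site.newChallenge('alice');
  const replayNewChallenge = site.verify('alice', sig);  // bound to the old challenge
  const c3 = site.newChallenge('alice');
  // The browser supplies the origin it is actually on, so a signature made for a
  // look-alike origin does not verify at the real site.
  const phished = site.verify('alice', passkey.sign('https://examp1e.test', c3));
  return { login, replaySameChallenge, replayNewChallenge, phished };
}
```

Only the first verification succeeds; the site's database holds nothing that can produce a valid signature.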
Testing the new feature is an important milestone for Google on its path to implementing a single standard for passwordless authentication. It includes two key features:
- Users can create and use passkeys on Android devices, which are securely synced through Google Password Manager.
- Developers can build passkey support into their sites for end users using Chrome via the WebAuthn API, on Android and other supported platforms.
NIX Solutions notes that in order to participate in testing, developers can sign up for the Google Play Services beta and use Chrome Canary. Stable versions will appear before the end of the year. Also this year, Google plans to add native Android apps to the passkey ecosystem.