Google has announced support for Passkeys on Android and Chrome

Google has announced support for Passkeys on Android and Chrome for developers to test. Passkeys are a safer and more secure alternative to passwords and also replace traditional 2-factor authentication methods such as SMS, app-based one-time codes or push-based approvals, the company said. Support for Passkey will be generally available on Android and Chrome later this year. Passkeys use public-key encryption, so data breaches by service providers will not result in password-protected accounts being affected.

https://security.googleblog.com/2022/10/SecurityofPasskeysintheGooglePasswordManager.html

Passkeys are based on industry-standard APIs and protocols to ensure they are not vulnerable to phishing attacks. Google says Passkeys is the result of an industry-wide effort that combines security certification standards created within the FIDO Alliance and the W3C Web Certification Working Group.

A single password can identify a specific user account on a number of online services. A user has different passwords for different services. Google claims that for a user, using Passkeys is very similar to using a saved password, but with significantly more security.

Passkeys are based on an encrypted private key, which in most cases exists only on the user's own device, such as a laptop or phone. When creating a passkey, only the corresponding public key is stored by the online service.

On Android, Google Password Manager provides backup and synchronization of passcode keys. This means that if a user sets up two Android devices with the same Google account, passwords created on one device can be used on the other device. This also applies to situations where users have multiple devices at the same time.