• by Laurie Sullivan  @lauriesullivan, October 12, 2022

Google on Wednesday announced it will bring passkeys to Chrome and Android. The move enables users to create and use passkeys to log in to Android devices. Users can store passkeys on their phones and computers, and use them to log in password-free. 

The idea is to make it more difficult for cybercriminals to hack systems.

Apple, Google and Microsoft have already committed to expanding support for the password-less sign-in standard created by the FIDO Alliance and the World Wide Web Consortium in March.

This announcement -- a major milestone in ongoing work with passkeys -- enables users to create and use passkeys on Android devices, which are securely synced through the Google Password Manager.

In addition, ad developers can build passkey support on sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms.

Diego Zavala, product manager at Android; Christian Brand, product manager at Google; Ali Naddaf, software engineer at Identity Ecosystems; and Ken Buchanan, software engineer at Chrome explained in a post that “passkeys are a significantly safer replacement for passwords and other phishable authentication factors.” 

The Digital Shadows Photon Research team released a report in 2020 after spending 18 months auditing criminal forums and marketplaces across the dark web and found that the number of stolen usernames and passwords in circulation has increased by 300% since 2018. At the time, there were more than 15 billion stolen credentials, from 100,000 data breaches, available to cybercrime actors. Of this number, 5 billion are said to be unique, with no repeated credential pairs.

The team at Google said it remains committed to a world where users can choose where their passwords, and now passkeys are stored. The next step, aside from updates, in the next year will be to introduce changes to Android, enabling third party credential managers to support passkeys for their users.