The folks at 9to5Google dug into the latest iteration of Google Play Services (version 22.15.14), finding some exciting strings within the code. Phrases like “Hello passkeys, goodbye passwords” can be found in the code, suggesting its imminent arrival. “Passkeys provide better protection than passwords, and they’re safely saved in your Google Account,” another string reads. Both Apple and Google will reportedly call their offerings passkeys. The ultimate goal of this standard is to eliminate the requirement to enter your password each time. It could even end up making your password manager obsolete. However, users need to sign in to their Google accounts to access the passkeys.
Could this be the end of passwords?
Instead of requiring passwords for web sign-ins, the method developed by FIDO utilizes cryptographic keys. This means the user simply has to unlock their device using available authentication methods such as passcode, fingerprint, or others, and the system takes care of the rest. The FIDO Alliance explains the process in the following way: “During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge.” The passkeys remain within the device and its corresponding cloud sync service, which on Android is the user’s Google account. This makes it important for users to remember their Google account (or Apple ID) credentials, especially if they’re switching to a new device. If implemented correctly, this could finally mean the end of remembering a lot of passwords or scouring through your password manager. Given the nature of passkeys, device manufacturers and developers in the Android ecosystem must be on board with the idea. Google clearly wants this to be the next big thing, as evidenced by the phrase “Hello passkeys, goodbye passwords.”