Google Advances Android Security with Passkey and Credential Management Support

Google is looking to bolster security in Android apps by supporting Passkeys. This will provide an additional login option for users that aims to address vulnerabilities in traditional password-based authentication methods.

The company will provide an Application Programming Interface (API) called the Credential Manager within the Android system. This manager allows developers to securely store and manage users' identity credentials such as names, passwords, and passkeys. It will facilitate credential-based authentication and access management for apps.

Google has been beta testing the Credential Manager API for months. It features the ability to handle biometric authentication for passkeys and passwords, incorporating multifactor authentication methods. Users will soon be able to log in using fingerprints or facial scans instead of passwords alone, reducing the risk of credentials being forgotten or stolen.

The new Credential Manager interface can also be integrated into password vault apps like 1Password to create a centralized, encrypted credential storage system. This is designed to streamline the login process for users while strengthening security posture.

Google is retiring older authentication and identity verification APIs, mandating that developers transition to the Credential Manager for user authentication. It also plans to adopt passkeys across its own services and apps to set an example of best security practices for the ecosystem.

With passkey support coming soon to major third-party Android apps, this move aims to boost the overall security of the mobile environment for end users through hardened, less vulnerable credential management.