Google has announced passkey support on Android and Chrome for developers to test. The company says that passkeys are a safer and more secure alternative to passwords and also replace the need for traditional 2-factor authentication methods such as text messages, app-based one-time codes or push-based approvals. Passkey support on Android and Chrome will become generally available later this year. Passkeys use public-key cryptography so that data breaches of service providers don’t result in a compromise of password-protected accounts.
Passkeys are based on industry-standard APIs and protocols to ensure they are not subject to phishing attacks. Google says that Passkeys are the result of an industry-wide effort that combines secure authentication standards created within the FIDO Alliance and the W3C Web Authentication working group.
Passkey support on Android and Chrome
A single Passkey can identify a particular user account on some online service. A user has a different passkey for different services. Google claims that for a user, using Passkeys is very similar to using saved passwords but with significantly better security.
A passkey is based on a cryptographic private key, and in most cases this private key lives only on the user’s own devices, such as laptops or mobile phones. When a passkey is created, only the corresponding public key is stored by the online service.
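The split described above (private key on the device, only the public key at the service) and the phishing resistance mentioned earlier can be seen in a small challenge-response model. This is an added example, not code from Google or from the original article; it is a simplified model rather than the WebAuthn message format, and the names `createPasskey` and `Service` and the `.example` origins are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of passkey sign-in, not the WebAuthn wire format.
const nodeCrypto = require('node:crypto');
const REAL_ORIGIN = 'https://shop.example';        // constructed sample origin
const LOOKALIKE_ORIGIN = 'https://sh0p.example';   // constructed look-alike origin

// Device side: the private key stays inside this closure; only the public key is exported.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (challenge, pageOrigin) => {
    // The browser, not the user, records which origin asked for the signature.
    const clientData = JSON.stringify({ challenge: challenge.toString('base64'), origin: pageOrigin });
    return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
  };
  return { sign, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Service side: stores public keys only and issues single-use random challenges.
class Service {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge.toString('base64'));
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user);                      // each challenge is good for one attempt
    const pem = this.publicKeys.get(user);
    if (!expected || !pem) return false;
    const { challenge, origin } = JSON.parse(clientData);
    if (challenge !== expected || origin !== this.origin) return false;
    return nodeCrypto.verify('sha256', Buffer.from(clientData), pem, signature);
  }
}

function demo() {
  const service = new Service(REAL_ORIGIN);
  const device = createPasskey();
  service.register('alice', device.publicKeyPem);
  const assertion = device.sign(service.newChallenge('alice'), REAL_ORIGIN);
  const genuine = service.verify('alice', assertion);
  const replayed = service.verify('alice', assertion);          // challenge already consumed
  // A signature produced on a look-alike page carries that page's origin and is rejected.
  const lookalike = service.verify('alice', device.sign(service.newChallenge('alice'), LOOKALIKE_ORIGIN));
  // Someone holding only the stored public key has to sign with a different private key.
  const other = createPasskey();
  const withoutPrivateKey = service.verify('alice', other.sign(service.newChallenge('alice'), REAL_ORIGIN));
  return { genuine, replayed, lookalike, withoutPrivateKey };
}
```

Calling `demo()` returns `true` only for the genuine sign-in; the replayed assertion, the look-alike origin and the signature made without the registered private key are all rejected.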
On Android, the Google Password Manager provides backup and sync of passkeys. This means that if a user sets up two Android devices with the same Google Account, passkeys created on one device are available on the other. This applies both to the case where a user has multiple devices simultaneously.
Passkeys in the Google Password Manager are always end-to-end encrypted. When a passkey is backed up, its private key is uploaded only in its encrypted form using an encryption key that is only accessible on the user’s own devices. This protects passkeys against Google itself, or a malicious attacker inside Google.
Creating or using passkeys stored in the Google Password Manager requires a screen lock to be set up. This prevents others from using a passkey even if they have access to the user’s device. When a user sets up a new Android device by transferring data from an older device, existing end-to-end encryption keys are securely transferred to the new device. However, if the older device was lost or damaged, users may need to recover the end-to-end encryption keys from a secure online backup.
To recover the end-to-end encryption key, the user must provide the lock screen PIN, password, or pattern of another existing device that had access to those keys. Google says that restoring passkeys on a new device requires both being signed in to the Google Account and an existing device’s screen lock. In case the screen lock PINs and patterns are short, the recovery mechanism provides protection against brute-force guessing. After consecutive incorrect attempts to provide the screen lock of an existing device, the key can no longer be used.
The post Google announces support for Passkeys on Android and Chrome first appeared on 91mobiles.com.