Google has recently announced the Credential Manager, a new Android-specific API that is poised to revolutionize the way we access our favorite applications. First, these Passkeys features were introduced in Google I/O 2023.
With the Credential Manager and passkeys feature, username and password combinations become a thing of the past. With the introduction of passkeys, a novel passwordless technology, logging into apps will soon be a breeze.
Passkeys typically require a user's biometric data or PIN for secure access to supported accounts, making the process smoother and safer.
The Credential Manager aims to merge passkeys with traditional passwords and federated identity login in a single, user-friendly platform.
What is Passkeys?
Instead of the old username and password routine, passkeys use your device's built-in authentication methods. This means you can access your Gmail, PayPal, or iCloud accounts with a simple Face ID scan on your iPhone, a quick fingerprint tap on your Android phone, or a use of Windows Hello on your PC.
Google claims that passkeys can offer a 50% quicker app login rate. Moreover, they are phishing-resistant, enhancing your digital security. The underlying technology of passkeys, the private cryptographic key, remains a closely guarded secret, even from the user.
Google has thoughtfully designed the Credential Manager to be developer-friendly, simplifying the process for app creators. By using the Credential Manager, developers can streamline the authentication process, eliminating the need to integrate multiple login methods such as passwords, email links, and OTP.
Some apps have already embraced the Credential Manager, recognizing its significance. WhatsApp's Head of Engineering, Nitin Gupta, lauds the Credential Manager API for simplifying user access.
Similarly, Ramsin Betyousef, Senior Director of Engineering at Uber, praises the developer-friendly suite of APIs, which seamlessly integrate with their apps, eliminating concerns about device fragmentation. Ultimately, the change should allow apps to offer better authentication support in Android 14.
For users with multiple accounts that use different sign-in methods, the Credential Manager offers a convenient solution. Whether it's your personal account secured with a passkey or a family account using a password, the Credential Manager allows you to switch effortlessly.
How dose Passkeyswork?
Passkeys are built on WebAuthn, also known as Web Authentication technology. When you create a passkey, it's like creating a digital lock and key. There are two keys in play - one that the website or service keeps and another that's stored on your device for identity verification.
Now, what if you misplace or damage your device? No worries! Passkeys are versatile and work on multiple devices. You might even have a backup plan in place. Many services that support passkeys offer alternative methods like reauthentication via your phone number, email, or a hardware security key.
And if you're a fan of password managers, don't fret - options like 1Password and Dashlane also support passkeys. In fact, 1Password has gone the extra mile by creating a directory of services that welcome passkey-based sign-ins.
Your accounts are presented in a user-friendly pop-up on the sign-in page of the relevant app, giving you the power to choose.
For those who rely on third-party password managers, the Credential Manager has good news. It is compatible with various password managers and can show a pop-up of credentials saved for the relevant account.
This means you can use your preferred password manager seamlessly. Notably, password managers like 1Password and Enpass have already integrated with the Credential Manager, making the transition smoother for users.
For developers who want to make the shift, Google provides valuable information on integrating the Credential Manager with existing authentication flows. They also guide developers on migrating from FIDO2 to the Credential Manager API.