Google replaces passwords on Android and Chrome — goodbye, phishing attacks

Fingerprint on phone with Google logo
(Image credit: Leon Neal / Getty Images)

Google is kicking off its much-talked-about passwordless future, announcing the launch of passkey support to both Android and Chrome. Soon, all Android phone users will only need their fingerprint, face, or screen lock to sign into their accounts.

As stated in the announcement, passkeys are a replacement for passwords that build upon the usual method of password autofill. Instead of thinking up a strong password, those with an Android phone (including those who picked up the new Pixel 7 and Pixel 7 Pro) will only need to confirm their identity using secure methods like a fingerprint or a phone unlock.

With passkeys, passwordless authentications cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Threat actors won't have the means to break into an account, as the new security standard will need your phone or computer, or biometric data to gain access. 

(Image credit: Google)

As Google points out, passkeys on users’ phones and PCs are backed up and synced through the cloud to prevent lockouts in case the user loses their device. What's more, they can be used to sign into apps and websites on other nearby devices — that includes Windows, macOS and iOS, and ChromeOS.

The new security feature is currently available to developers, who can enroll in using passkeys in the Google Play Services beta (opens in new tab) and use Chrome Canary (opens in new tab). For everyone else, passkeys will roll out later in 2022.

Once available, users will be able to create and use passkeys on Android devices, which will be synced to the Google Password Manager. Developers will also be able to build passkey support on their sites and apps using Chrome, Android, and other supported platforms.

The move to passkeys isn't just from Google. Apple has also introduced its own passkey, and Microsoft is on board, too. All three companies will be using the common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.

How to create a passkey

Google outlines how users can create a passkey, which requires two steps. First, users must confirm their passkey account information for an account, and second, use their fingerprint, face, or screen lock to confirm their identity.

When signing in, users will need to select the account they are trying to sign in to, and then use their fingerprint, face, or screen lock. That's it! 

(Image credit: Google)

You can also sign in to websites using an Android device on a nearby PC.

"For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac," the announcement states. "Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device."

The move toward a passwordless future is here, and even the best password managers like LastPass have announced passwordless logins. While passkeys will be available to all Android users soon, in the meantime, check out how to make a strong password

Darragh Murphy
Editor

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.