Why Google’s New Passkey Is Replacing Passwords on Android and Chrome

On October 12, Google announced that Android and Chrome will officially roll out Passkey, a key‑based login method designed to replace the long‑standing password authentication.

The Passkey system combines "biometric passwords" and "authorized login" by creating a public‑key credential on the Android device, secured with biometric verification such as fingerprint or facial recognition.

Once created, the credential can unlock any online account on the Android phone and on nearby devices, making it a cross‑platform solution supported by Microsoft, Apple and Google under the FIDO standard. It works across Windows, macOS, iOS, and ChromeOS.

Google argues that traditional password login is vulnerable to phishing and credential theft, whereas Passkey cannot be reused, does not expose server‑side secrets, and protects users from phishing attacks and forgotten passwords. Even if a phone is lost, the FIDO key can be securely synced to a new device via cloud backup.

Currently, the Passkey feature implements two key capabilities:

Users can create and use a Passkey on Android devices, with the credential synchronized through Google Password Manager.

Developers can build Passkey support on websites using the WebAuthn API, Android, and other platforms via Chrome.

To add Passkey login to a website, developers need to register for the Google Play Services beta and use the Chrome Canary version.

The next milestone is a native Android app API that will offer multiple login options, allowing users to choose Passkey or a saved password.

Related link: https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html