News

Google has announced the public rollout of Credential Manager, a new Android-specific API designed to store credentials like username and password combinations and passkeys. The API, which has been in developer preview for several months, aims to provide a more seamless authentication experience for Android users.

Credential Manager consolidates biometric authentication of passkeys, traditional passwords, and federated identity login into a single platform on Android phones. With the integration of Credential Manager, apps can offer users the option of easy biometric logins using passkeys, reducing the need to remember and manage login information manually. Third-party password managers, such as 1Password, can also integrate with the API for a streamlined authentication experience.

Google’s decision to emphasize passkeys is in line with its push for better authentication methods in Android. By deprecating several authentication APIs, Google is encouraging developers to adopt the Credential Manager for user authentication. This move is expected to simplify the authentication process for third-party apps, potentially leading to widespread adoption.

Passkeys are authentication methods that can replace traditional passwords using the device’s built-in authentication technologies. This means that users can sign into services like Gmail, PayPal, or iCloud by simply using features like Face ID on an iPhone, the fingerprint sensor on an Android phone, or Windows Hello on a PC. Passkeys are built on WebAuthn (Web Authentication) technology and involve generating two different keys: one stored by the website or service and a private key stored on the user’s device for identity verification.

In the event that a device is lost or broken, passkeys offer backup options. Many services that support passkeys provide alternative methods of reauthentication, such as phone numbers, email addresses, or hardware security keys. Popular password vaults, such as those developed by Apple and Google, already support passkeys, as do password managers like 1Password and Dashlane.

Sources:

Source article: The Verge

Definitions:
– Credential Manager: A new Android-specific API that stores credentials like username and password combinations and passkeys.
– Passkeys: Authentication methods that replace traditional passwords using the device’s built-in authentication technologies.
– WebAuthn (Web Authentication): A technology used to generate passkeys by creating two different keys: one stored by the website or service and a private key stored on the user’s device for identity verification.
– Third-party password managers: Software applications that securely store and manage passwords for multiple online accounts.
– Authorization APIs: Application Programming Interfaces (APIs) that enable app developers to implement user authentication and authorization functionalities.

The post Google’s Credential Manager API Offers Enhanced Passkey Support for Android Apps appeared first on Fagen Wasanni Technologies.