It was announced on Wednesday morning that the company has taken another step towards a passwordless future by adding support for passkey login to its browsers. Passkeys, which let you use your phone or computer's built-in authentication systems instead of a traditional password, have support from all the major tech companies.

Passkey is acredential that is stored on a device, like a phone or computer, that can be used to confirm a website or application that you say you are. You verify your identity to the device, and it can log in to sites and services you use without relying on a password that could be stolen, reused across multiple sites, or that you might be tricked into giving up to a fake customer service agent.

A passkey can't be easily stolen in the same way that a password can, and because it relies on access to a physical device, it combines the security of hardware two-factor authentication with the familiarity of smartphones use.

The stable launch coming later this year will allow people to log in to supported websites using their device's fingerprints or other credentials instead of a password.

Both developers and device end users will be able to take advantage of the new feature in different ways, as a result of the passkey announcement. Now that all the platforms people use are starting to support passkeys, developers have the incentive and chance to make sure they work before the features are available to everyone.

Web developers can build support for passkey login on sites they operate by using the WebAuthn. The feature is already available for early users.

If the device is lost, the passkeys are backed up to the cloud and stored on a phone. If you want an in-depth explanation of how the system works, you'll find it on the security post on the internet giant's website.

Screenshot showing Google’s use this passkey screen, which prompts you to choose the passkey you’d like to use. Next to it is a screenshot prompting the user to use their screen lock to use their thumbprint or PIN to unlock the account.
When you go to login with a passkey, you’ll be prompted which account you want to log in with. After you pick, you’ll be asked to scan your fingerprint, put in your pin, or otherwise authenticate yourself as you would to unlock your phone.
Image: Google

Cross-platform

Cross- platform compatibility is one of the most important aspects of the passkey system. A passkey saved on a phone can be used to authorize a web login on another nearby device, which means that anAndroid phone owner can sign in to a website from a Mac. The user experience will involve a pop-up on the desktop site and confirmation on the phone that the passkey option should be used.

Passkey technology is built on industry standards called FIDO2 and Web Authentication Level 3 rather than being a proprietary technology.

Photo of an Android phone that says “connecting to your device, use your screen lock,” in front of a MacBook that says “use your device to choose a passkey.”
You can log in to a site on your Apple device using your Android phone just by scanning a QR code.

Passkey logins are expected to be rolled out to the major platforms throughout this year and early next year. As for what you can log into using passkeys, there are a few apps and websites that support them, but based on our tests, you have to go out of your way to actually use them.

The timeline of a passwordless future is something that is positive for the company. An upcoming update will allow third-party credential managers to support pass keys for their users.

The authors write that they are committed to a world where users can choose where their passwords and pass keys are kept. Our work is not done.