Google is making Android apps more secure by introducing a new feature. They announced this in a blog post for developers. The public will have access to this feature, known as Credential Manager, starting from November 1st. Credential Manager is a special tool for Android. It allows you to store important information like usernames, passwords, and passkeys. It uses these credentials to ensure the security of your accounts. This feature can be used with various login methods like using your fingerprint or typing in your password. It’s a one-stop solution to make your Android phone more secure.
The introduction of Credential Manager in Android 14 is expected to bring significant improvements to app authentication. With Credential Manager, apps can provide users with convenient biometric login options using passkeys. This should result in a smoother sign-in process, especially for those who prefer biometric methods over remembering passwords. Additionally, third-party password managers such as 1Password can make use of this API to offer users a more integrated experience, especially when users choose alternatives to Google Password Manager.
At Google I/O this year, Google provided insight into the reasons behind its push for passkeys in Android. In another recent blog post, Google mentioned its plans to phase out several authentication APIs, streamlining the process for developers who will now primarily rely on Credential Manager for user authentication. This move aims to simplify the authentication process, encouraging more third-party apps to adopt this method, with some notable examples like WhatsApp and Uber already implementing it.
Gizchina News of the week
What are Passkeys? 
Passkeys serve as a convenient alternative to traditional passwords, leveraging your device’s built-in authentication methods. This means you can access services like Gmail, PayPal, or iCloud effortlessly by using Face ID on your iPhone, the fingerprint sensor on your Android phone, or Windows Hello on a PC. This streamlines the login process, enhancing both security and user experience.
Using WebAuthn technology, the creation of a passkey involves generating two distinct keys. One of these keys is kept by the website or service where your account is registered, while the other is a private key which stores on the device you use to confirm your identity. This dual-key system enhances security and verification.
What Happens to Your Passkeys if you Lose or Break your Smartphone? 
Naturally, you might wonder about the safety of your passkeys if your device breaks down or gets lost. The good news you can use passkeys on multiple devices, so you may have a backup option. Additionally, many services that incorporate passkeys offer alternative ways to reauthenticate, such as through your phone number, email address, or a hardware security key, if you have one. This ensures that you can regain access to your accounts even if you lose your device.
Both Apple and Google’s password management systems already provide support for passkeys, as do popular password manager apps like 1Password and Dashlane. Additionally, 1Password has introduced an online directory that lists services allowing users to sign in using a passkey. This further extends the convenience and security of passkey-based authentication.
