Android 14 paves the way to replace passwords with passkeys
Google engineers are working on Android 14 right now, which is expected to be released later this year. One of the improvements of Android 14 is the unlocking of passkeys management for third-party apps on Android devices.
Passkeys is an up-and-coming standard to replace passwords with a more secure authentication option, which many of the involved companies call passwordless. Broken down, passkeys offer better security when compared to passwords for a number of reasons. One of the primary reasons is that one part of a passkey is found only on the local user device. Sites and apps never know about it, and it does not need to be entered anywhere.
Phishing, attacks that attempt to steal passwords, attacks against sites and apps directly, to steal databases with password information, and several other forms of threats do not work against passkeys for those reasons.
Google introduced support for passkeys back in October 2022 in Android and the company's Google Chrome web browser. While that was an important milestone into introducing support for passkeys in Android, it was limited up until now to the Google Password Manager on Android.
Even if another developer wanted to introduce passkeys support in their app, they could not offer their own storage solution for passkeys, but had to rely on the default password manager on Android instead.
The restriction is lifted in Android 14. Dashlane, a company best known for its password management service, revealed the change on the official blog.
"This developer preview contains Android changes that enable third-party applications to manage passkeys."
Last month, Dashlane announced that it would introduce passkeys support in its Android app.
Dashlane has introduced support for passkeys in its password manager through the Dashlane extension for Google Chrome. The extension should work in all Chromium-based browsers.
Android users who rely on different password managers, be it Dashlane, 1Password, Bitwarden or others, could not use these applications up until now to store and sync passkeys. Google has implemented the required changes for third-party applications to manage passkeys on Android devices.
Password managers like Dashlane are at the forefront of this, as passkeys is a natural fit. Password managers protect data, passwords, credit card numbers and other important information, on Android, the web and elswhere. Passkeys are just another thing that password managers may store securely.
Dashlane explains that the creation of passkeys is much simpler than that of passwords. Users could, for example, "simply create a passkey using their fingerprint instead of entering a password", the company notes on its official website.
The company is not the only password manager that has set its eye on adding passkeys support. 1Password announced support for the standard as well last month, and Bitwarden supports it already as well in some of its services.
Closing Words
Android 14 may catapult passkeys into the mainstream. Most password management apps will introduce support for the security feature once it becomes supported officially, and sites will also start taking note of the new feature.
Now You: do you plan to switch to passkeys if supported?
Just a bunch of middleman * attempting to data mine your info by introducing an additional layer of ‘security’.
I’m surprised there are people who actually think this is a good idea.
‘Cloud’ is just a fancy way to say ‘someone else’s computer’… something beyond your control.
pls stop advertising passkeys as improvment, theyre rather an alternative. passwords must not be replaced!
some disadvantages of passkeys
– if you have problems with biometric identification you cant use any of the apps/servives
– you cant share any accounts, even in emergencies when you need a 3. person access them (eg mail)
– you cant login into your accounts when your id device got lost/stolen.
– easy forced decryption.
soo, pls, dont jum blindlessly into another dependency, – smartphones are aready impacting our lifes enough, dont make them absolute mandatory.
that passkeys add an artificial dependency, like the used device – that fact google silently drops.
done wrong its just another way to add control over ppl. and googles motives arent that bright for the users.
I see yet another attempt to get my personal imformation. My phone number is personal I do not wish to share it.
Convinience is the opposite of security.
There is nothing wrong with the current password system.
There is a huge problem with the people who don’t understand how to properly use it.
“You can’t fix stupid with duct tape!”
According to the Dashlane link in the article, Dashlane are saying the following:
“…Although the user interface of the bottom sheet (the component that slides up from the bottom of your screen to show additional content) is part of Android, the passkey is actually being created by Dashlane and stored in the user’s vault.”
I was under the impression that one of the main advantages of Passkeys is that the private keys were stored in secure hardware that is not accessible by the user (for example in a TPM chip, Secure Enclave, ARM TrustZone, etc.). With third-party password managers, are the private keys stored in secure hardware or in the user’s vault?
@ ECJ,
They’re stored in the cloud, but part of the key is left on the device so that even in the event of a server breach hackers can’t use them unless they’e in possession of the device as well.
@ Tachy,
Hardly realistic because you can block numbers using the phone app. On a Samsung phone, open the app and tap the three vertical dots to open Settings. You’ll see “Block Numbers” as one of the options. Once you’ve added a phone number in there, you’ll never hear from that person again.