Learn passkeys for simpler and safer sign-in

Подписаться 755 тыс.

Просмотров 25 тыс.

50% 1

After years of work, we’re finally ready to retire passwords, creating simpler, smoother, and more secure experiences for your users that seamlessly across all the major platforms. This session will detail the benefits of passkeys, how to use them to deliver streamlined authentication flows, and how to evolve your identity stack to embrace this new technology.
Resources:
Sign in with a passkey through form autofill → goo.gle/3MlyD2a
Create a passkey for passwordless logins → goo.gle/3Kcytrf
Sign in your user with Credential Manager → goo.gle/3UpWq3f
Speaker: Eiji Kitamura
Watch more:
Watch all the Technical Sessions from Google I/O 2023 → goo.gle/IO23_sessions
Watch more Web Sessions → goo.gle/IO23_web
All Google I/O 2023 Sessions → goo.gle/IO23_all
Subscribe to Google Chrome Developers → goo.gle/ChromeDevs
#GoogleIO

Наука

Опубликовано:

21 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 29

@ChromeDevs Год назад

Join the conversation in the comments below for a chance to get your questions answered by the Chrome team. 👇👇🏻👇🏿👇🏽 👇🏾👇🏼

@cat_sally Год назад

It would be nice to skip the page where you press the "Next" confirmation button to ask if you want to log in with the pass key and automatically display the authentication screen. If it's set as the default authentication tool, I think we should make sure to choose an option or fail it.

@blaiseutube Год назад

FedCM FTW! Thank you !!

@rigbyb Год назад

Good video, thanks.

@bakhtyarshwani9976 11 месяцев назад

Hello, thank you for the explanation, but how can one change from two factors authentication, (like Google or Apple) to passkey, or whether any website or app, they must first give way to use passkey?

@CandixHR Год назад

Could passkeys be the sole method for signing up and logging in, or does it need to rely on a traditional authentication mechanism? And is it still necessary to have the user enter a unique username or email address?

@tobiasfedder1390 Год назад

As a developer I am excited about this authentication method build on top of Webauthn. As a - sometimes a bit paranoid - user I fear that I'd have to use the OS or browser vendors credential managers to sync the private keys instead of FOSS and storage of my choosing. I curious about the way this will develop.

@agektmr Год назад

The plan is you will be able to choose a password manager of your choice for passkeys starting Android 14.

@tobiasfedder1390 Год назад

@@agektmr Sounds great. Thank you.

@weezyf775 9 месяцев назад

whats the word on using a passkey on a shared account. for example i shared a profile with 2 others can I safely add a passkey that only I will use?

@romanpurishy Год назад

What happens when the user deletes created passkey? How can I bind this user with an account in my service?

@powerDM 9 месяцев назад

01:32 "as a developer you only store a public key instead of a password" - why would you as a developer store a password instead of password hash?

@kalidsherefuddin Год назад

Thanks

@mattmazzola Год назад

As I understand there are Roaming authenticators (Phone, USB, etc) and Platform authenticators (Laptop, Desktop). When I experimented last there was issue if user creates account on website using a platform authenticator which is likely more convenient, then later they try login to the account from their phone, but they can't since it is a different device. From what I understood in the video, FIDO's solution to mitigate this is to allow syncing credentials across devices. Can you explain more about this works? It was my understanding these credentials don't leave the TPM (Trusted Platform Module) and I didn't understand how they could be shared. It seems like the boundary between Roaming and Platform is less clear now, and perhaps doesn't matter. Although the synchronization may be extra level of complexity for users.

@agektmr Год назад

A passkey created on a device is actually a private key and some metadata, and it will be synchronized across devices through the credential provider - for Google's case, Google Password Manager. It's encrypted on the device and needs to be decrypted on the sync'ed device. To learn how it works more, please read developers.google.com/identity/passkeys/supported-environments or passkeys.dev/device-support/

@AlexWohlbruck Год назад

Does this make it possible to create anonymous user authentication? It seems this removes the need for a unique identifier such as email addresses for users to log in, in that case there is no need to know the identity of the user. Really cool for privacy-first apps!

@agektmr Год назад

I don't know what you exactly mean by anonymous user authentication, but creating an anonymous account is totally possible with a passkey. Though, it's already possible with a password too. It's just a matter of the service's preference to ask the user's email address.

@brucewayne2955 Год назад

Can I use a passkey to sign into my Chromebook?

@agektmr Год назад

You can use your phone to sign in on Chromebook, now. In the future, you'll be available to use the device's biometric sensor to sign in to websites!

@Ferhatt399 Год назад

For example, passkey is on in my google account and my phone was stolen and then I bought myself a new phone. My question is how do I log in with the passkey on the new phone?

@agektmr Год назад

You can use your password and the second factor to sign in to your Google account and recover your passkeys using the previous device's PIN.

@64nghia 9 месяцев назад

@@agektmrIn the end, you still have to use a password. So how can we say Passkey will replace password? The bad guy will pretend that the phone is lost or broken to be able to enter the password. So how can we say Passkey is more secure than password?

@derjansan9564 Год назад

Is there a solution for situtations when the phone is stolen or broken that also non-technical users can understand?

@agektmr Год назад

Yes, passkeys created on Android are backed up and synced with Android devices that are signed in to the same Google Account, in the same way as passwords are backed up to the password manager. That means user's passkeys go with them when they replace their devices. To sign into apps on a new phone, all the user needs to do is to verify themselves with their existing device's screen lock. developers.google.com/identity/passkeys/faq#what_happens_if_a_user_loses_their_device

@yrs207 5 месяцев назад

that means the user still needs to login using pass + 2nd factor to login to their new devices... which means the android (google) itself can NOT be only supported by passkey.@@agektmr

@heinou1913 Год назад

What the differences with normal webauthn？

@agektmr Год назад

To create and authenticate with passkeys, you use WebAuthn and there's nothing different from web developer perspective.

@H4KnSL4K Год назад

So far a great presentation, and I expect the presenter is likely a great engineer at Google. So props to him. But for a presentation like this, would it not make sense to have someone who is more fluent - or rather, has less of a foreign accent - to actually present it? No disrespect to anyone intended, I just wonder at the idea.

@H4KnSL4K Год назад

I suppose the difficulty here is the variety in the audience. Is this globally targeted? Does this accent make it easier to understand for a large group of people, just a different group to the one I am a part of? How many variations would it make sense to publish? A couple for each major language .. perhaps a dozen in english, for those with different cultural backgrounds and strong accents?