What is a Passkey and Why Should You Care?

Mishaal Rahman
|
Try Esper for Free
Learn about Esper mobile device management software for Android and iOS

The FIDO Alliance isn't a fan club for dogs, but a consortium of big tech companies that's trying to make authentication more secure. The Alliance has a lofty goal: To kill the password and replace it with something better. Enter the passkey.

You've probably read a blog post or two about it, but you may be wondering what the fuss is all about. We invited two of the foremost experts on the topic to join us on Android Bytes and explain how passkeys work and why we're better off without passwords.

Christiaan Brand is a Product Manager on Identity and Security at Google and Tim Cappalli is an Identity Standards Architect at Microsoft.

  • 03:09 - What's wrong with passwords?
  • 05:17 - How did we get to passkeys?
  • 07:47 - How do passkeys reinvent authentication?
  • 11:50 - What is the FIDO Alliance?
  • 14:38 - Are passkeys convenient to use?
  • 15:47 - What is WebAuthn, CTAP, and FIDO2?
  • 18:01 - What is a FIDO credential? What is the meaning of "passkey"?
  • 21:57 - At a high level, how do passkeys actually work?
  • 24:47 - What makes passkeys more resilient to phishing and data breaches?
  • 25:52 - How are passkeys backed up?
  • 27:15 - What happens if you forget that you made a passkey for a certain site?
  • 28:01 - Can you reuse passkeys?
  • 28:51 - Can passkeys be exported or transferred between password managers (passkey managers?)?
  • 31:44 - How do you use a passkey stored on your phone to login to a website on your PC (or vice versa)?
  • 35:50 - Is there a fallback method to support legacy devices? How long will passwords stick around?
  • 40:41 - Can you create a passkey for an existing account?
  • 41:28 - What will happen to physical security keys?

Learn more about passkeys at passkeys.dev and developers.google.com/identity/passkeys.

About the Podcast

Android Bytes (powered by Esper)

A weekly show that dives deep into the Android OS

Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. 

Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week.

Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space.

Get in touch with us at Esper if you’re looking to use Android device management for GMS or non-GMS devices — we have the experience you need.

Our music is “19” by HOME and is licensed under CC BY 3.0.

FAQ

No items found.
The best video invention since DVDs
Joe Saavedra, Infinite Objects
What is a Passkey and Why Should You Care?
Mishaal Rahman
Mishaal Rahman

Mishaal Rahman is a Technical Editor at Esper. He has been an Android user for over a decade and has been at the forefront of Android news coverage for half a decade. His in-depth breakdowns of new Android versions have been referenced across the Internet.

Mishaal Rahman

Esper is Modern Device Management

For tablets, smartphones, kiosks, point of sale, IoT, and other business-critical devices, with features like:

Kiosk mode

Hardened device lockdown for all devices (not just kiosks)

App management

Google Play, Apple App Store, private apps, or a mix of all three

Device groups

Manage devices individually, in user-defined groups, or all at once

Remote tools

Monitor, troubleshoot, and update devices without leaving your desk

Touchless provisioning

Turn it on and walk away — let your devices provision themselves

Reporting and alerts

Custom reports and granular device alerts for managing by exception
Learn More