Ryan Haines / Android Authority
TL;DR
- Passkeys offer a secure, convenient option for authentication.
- Last fall the FIDO Alliance announced a new system for importing and exporting passkeys across devices and platforms.
- The Google Password Manager now shows signs of work towards implementing just such a system.
Making security sound sexy is a pretty tall ask, but passkeys sure manage a solid swing at earning that label. The password replacements aren’t just easier to use than old-fashioned passwords, letting our biometrics do the heavy lifting, but they also offer even stronger and more versatile cryptographic security. Really, maybe the most irksome part of using them has been the initial setup process, and even that’s been promising to get better, as we learned last fall of a new system for securely exporting and importing passkeys across platforms.
An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
We’re still waiting to see what having access to those import/export tools will be like. In the meantime, we’re starting to see some signs of Google’s progress in this direction under the hood:
Code
<string name="pwm_credential_export_confirmation_title">Export passwords & passkeys</string>
<string name="pwm_credential_export_no_credentials_description">You don’t have any passwords or passkeys to export from Google Password Manager for %1$s</string>
<string name="pwm_install_password_manager_dialog_text">Your device doesn’t have a password manager that supports automatically transferring your passwords and passkeys. If you already downloaded your passwords, you can try importing the CSV file.</string>
<string name="pwm_install_password_manager_dialog_title">Install a password manager</string>Strings like these have started showing up across the last few releases, and we’re spotting the latest as we tear into Google Play Services 25.13.31 beta. We see multiple, direct references to passkey transfer and export tools for Google Password Manager. While there’s already similar support for password export in the tool as we have it now, we’re still waiting on that extending to passkeys.
Code
<string name="pwm_import_credentials_dialog_description">Import passwords & passkeys from another password manager to Google Password manager</string>
<string name="pwm_import_credentials_dialog_instruction_1">On the next screen, choose the password manager that has your passwords & passkeys</string>
<string name="pwm_import_credentials_dialog_instruction_2">Sign in to the other password manager and follow their instructions</string>
<string name="pwm_no_credentials_imported_dialog_text">The other password manager didn’t share any passwords or passkeys.</string>
<string name="pwm_no_credentials_imported_dialog_title">Nothing imported</string>Of course, exporting is only half of the equation, and Google’s similarly working to expand Password Manager’s import functionality from the passwords it supports now to the much more flexible passkeys.
Code
<string name="pwm_export_credentials_blocked_importer_message">Export blocked for your protection</string>
<string name="pwm_export_credentials_blocked_importer_sub_message">The password manager you’re trying to export to doesn’t follow best practices</string>Lest you be concerned that this new world of passkey import/export is going to be some sort of Wild West with sketchy apps possibly mishandling your passkey data, it looks like Google, at least, is taking steps to vet the services its export function supports, ensuring that security protocols are observed.
We still can’t say just when Google might have this feature ready for you to try out, but we’ll be keeping an eye on future development to see if we can’t spot any further progress.
Source link
