Google has announed it will be rolling out its new Credential Manager to Android 14 users from November 1, with the aim of making logging in to apps a much simpler process.
The Credential Manager will support passkeys, the new passwordless technology that typically only requires a users' biometric data or PIN to sign in to certain supported accounts. Stored passwords and other means of logging in will also be merged into the new feature.
Google notes that while passkeys are a boon for users, they are also beneficial for developers, as they do not need to integrate and maintain various login methods for apps, like passwords, email links, and OTP.
Simpler for developers and users
The Credential Manager will bring passkeys together with traditional login methods, like passwords and federated identity, in a single place to make it easier for users to find their logins.
Google claims that passkeys offer a 50% quicker login rate for apps, and are also more secure, as they are phishing resistant - no one knows what the private cryptographic key underlying the technology is, not even the user.
Some apps have already integrated the Credential Manager into their fold, as a means for customers to user their passkeys easily. WhatsApp Head of Engineering Nitin Gupta said that the "Credential Manager API is so important" for "simplifying the way users can securely get into their account."
Ramsin Betyousef, Sr. Director of Engineering at Uber, was also enthused about the "developer-friendly suite of APIs," commenting that they "enable seamless integration with our apps, eliminating concerns about device fragmentation."
The Credential Manager also allows supports multiple accounts with different sign-in methods for the same app. Google uses the example of a user's personal account, which may be secured with a passkey, and their family account, which may use a password. The two accounts will be shown in a pop-up on the sign-in page of the app in question, and the user can simply choose which one they want to sign in with.
What's more, the Credential Manager is also compatible with other password managers, again showing a popup of credentials saved for the relevant account on whatever third-party password manager you have. It even supports multiple password managers at the same time.
Google claims that several managers have already integrated with the Credential Manager, including 1Password and Enpass. Google also has further information for developers on its blog on how to integrate the Credential Manager with existing authentication flows and Sign In with Google, as well as how to migrate from FIDO2 to the Credential Manager API.
