Passkeys: How Android developers migrate their users to the password alternative
Passkeys are gaining popularity as a more secure alternative to passwords. Google shows how developers can motivate their app users to switch.
Google has presented best practices for developers who want to migrate the users of their apps to passkeys. Passkeys are becoming increasingly popular because they are more secure than passwords (for example, they protect against phishing attacks) and are very user-friendly. Passkeys can be used to sign in to apps and websites using a biometric sensor (such as fingerprint or facial recognition), a PIN or a pattern.
For Android developers, the Jetpack API Credential Manager is available to enable users to use passkeys while supporting traditional sign-in methods such as passwords.
To encourage users of their applications to use passkeys, Google presents opportunities for developers in various UX flows on the Android Developers Blog. For example, a prompt to create a passkey can be useful when creating an account, or when signing in via OTP, password or other sign-in methods. Other good opportunities arise during account recovery and when resetting a password – especially in the latter case, users are more receptive to the simplicity and security of passkeys.
Best practices: Convincing users to adopt passkeys
Google recommends that Android developers make the use of passkeys appealing to their app users by following a few best practices. For example, it is important to explain the following benefits to users in a simple way: they get improved security such as protection against phishing, no longer have to enter a password, can use the same passkey across different platforms and get a consistent authentication experience.
Another recommendation from Google is to provide a seamless user experience using the unified user interface (UI) through the Credential Manager. Users should also be given clarity about their authentication options within the app and receive further explanations about passkeys, for example through corresponding links. According to Google, a phased rollout to a smaller group of users is also advisable before the wider use of passkeys in order to gather feedback and improve the user experience.
Developers can find further detailed assistance in the UX guidelines.
(mai)