PayPal launches passkey logins for Android in the US
Right now, users need the Chrome browser to use the feature.
PayPal is expanding access to passkey logins to Android users in the US, so long as they access the website on the Chrome browser. The payment processor first introduced passkey logins for Apple's computers and tablets running macOS Ventura and iPadOS16 in October last year. Google had yet to release stable passkey support for Android and Chrome at the time, but PayPal promised to make the password alternative available to other platforms and countries in the future.
By December last year, passkeys rolled out to stable Chrome. Now PayPal is making good on its promise, with some limitations. The login option isn't available for the payment processor's Android app yet, and users can only activate it if they're using Chrome on a device running Android 9.
The new authentication technology allows users to access websites and services that support it without having to type in usernames and passwords. While it can use biometric authentication to verify a user's identity, it's not quite the same as current login tech that auto-populates login boxes using facial or fingerprint recognition. The technology creates a cryptographic key pair — one public and one private — that becomes associated with a user's account. Apps and services that support passkeys use the public key to confirm a person's identity by matching it to the private key, which is kept in the user's device. As The Verge notes, some password managers can now sync passkeys between devices, as well.
To activate passkeys for PayPal on Android, eligible users have to log in the traditional way on a Chrome browser first. Then, the option to "create a passkey" will appear, and they will be prompted to verify their identity using their biometrics or their phone's passcode. After they're done setting up, they'll find that they'll no longer have to type in anything to quickly check out purchases with PayPal on Chrome. Passkeys also provide stronger security, since they're resistant to phishing. And, since one of the key pairs is kept on the user's device, people's login information won't be compromised in case of an app or service data breach.