Password manager app Dashlane is releasing a new feature that lets you create, store, and sync passkeys on smartphones running the upcoming Android 14 OS. A developer preview released last month adds new abilities to Android that let third-party password managers use the logins with compatible apps on the platform.
A passkey, of course, is a passwordless login built on the FIDO standard, designed to make it hard for malicious parties to phish access from users since there’s no password to steal. Once authenticated, a computer, smartphone, or specialized secure hardware device like a YubiKey completes the passkey login using biometrics like Face ID, fingerprint readers, or a PIN.
Apple, Google, and Microsoft have adopted passkeys and are building them right into their operating systems. The companies are working together to make the experience seamless for users — even agreeing on using the same name.
Until now, Dashlane and other similar managers couldn’t directly tap into smartphones’ hardware and OS-level secure passkey system — making it tough to compete with Apple’s and Android’s built-in password managers to make passkeys. Dashlane already supports passkeys in desktop Chrome via an extension, while competitor 1Password has announced a solution to take passkeys cross-platform with its Universal Sign On.
Users running the latest Android 14 Developer Preview, however, can now easily create app passkeys that directly mingle with third parties like Dashlane, assuming it’s set up to be the default password manager in settings. Dashlane shared a video on Twitter about how the process works, showing that the OS hands the duty off to a third party like Dashlane.
In terms of how it works, Dashlane provides this explanation in its blog post:
When creating a passkey, Dashlane will generate an asymmetric key pair, storing the private key securely in the user’s vault and returning the public key to the relying party (the website or application registering the passkey). When signing in with a passkey, the relying party will send a challenge that Dashlane will sign with the private key, sending the response back to authenticate the user.
Dashlane’s mobile app still can’t be used in a web browser, just apps. But the company expects to see that ability come in another preview before Android 14 is officially released.
It’s going to be a long road to get users to count on Dashlane for passkeys since it’ll need app makers and websites to adopt the feature. But that’s not just a Dashlane problem; it’s really a problem for any member of the FIDO Alliance, all of whom are hard at work to get people off passwords and onto passkeys.