PayPal is expand access to pass key logins to Android users in the United States, as long as they access the website on the Chrome browser. The payment processor first passkey logins introduced for Apple computers and tablets running macOS Ventura and iPadOS16 in October last year. Google had yet to release stable passkey support for Android and Chrome at the time, but PayPal promised to make the password alternative available for other platforms and countries at the future.
In December last year, security keys were rolled out to stable Chrome. Now PayPal delivers on its promise, with some limitations. The sign-in option is not yet available for the payment processor’s Android app, and users can only enable it if they’re using Chrome on a device running Android 9.
The new authentication technology allows users to access websites and services that support it without having to enter their usernames and passwords. While it can use biometric authentication to verify a user’s identity, it’s not quite the same as current login technology that automatically populates login boxes using the facial or fingerprint recognition. The technology creates a pair of cryptographic keys – one public and one private – which is associated with a user’s account. Apps and services that support access keys use the public key to confirm a person’s identity by matching it to the private key, which is stored on the user’s device. As The edge notes, some password managers can now also sync passkeys between devices.
To activate Passkeys for PayPal on Android, eligible users must first log in the traditional way on a Chrome browser. Then, the option “create a password” will appear and they will be asked to verify their identity using their biometrics or their phone password. Once setup is complete, they will find that they no longer have to type anything to quickly verify purchases with PayPal on Chrome. Security keys also provide enhanced security, as they are phishing resistant. And, because one of the key pairs is kept on the user’s device, people’s login credentials won’t be compromised in the event of an app or service data breach.
