Android Bytes (powered by Esper) is the podcast that dives deep into the engineering and business decisions behind the world’s most popular OS. https://www.esper.io Android powers over 3 billion devices worldwide and is the platform of choice for over a thousand companies. You’ll find Android on smartphones, tablets, watches, TV, cars, kiosks, and so much more. How does Google architect Android to run on so many form factors, and how do companies fork AOSP to make it run on even more devices? These are the kinds of questions the Android Bytes podcast considers each week. Join cohosts Mishaal Rahman and David Ruddock, two journalists with extensive knowledge covering the Android OS platform and ecosystem, as they speak to system architects, kernel engineers, app developers, and other distinguished experts in the Android space. Get in touch with us at Esper.io if you’re looking to use Android for your product — we have the experience you need.

What is a passkey and why should you care?

December 19, 2022 52:32 50.43 MB Downloads: 0

The FIDO Alliance isn't a fan club for dogs, but a consortium of big tech companies that's trying to make authentication more secure. The Alliance has a lofty goal: To kill the password and replace it with something better. Enter the passkey.

You've probably read a blog post or two about it, but you may be wondering what the fuss is all about. We invited two of the foremost experts on the topic to join us on Android Bytes and explain how passkeys work and why we're better off without passwords.

Christiaan Brand is a Product Manager on Identity and Security at Google and Tim Cappalli is an Identity Standards Architect at Microsoft.

  • 03:09 - What's wrong with passwords?
  • 05:17 - How did we get to passkeys?
  • 07:47 - How do passkeys reinvent authentication?
  • 11:50 - What is the FIDO Alliance?
  • 14:38 - Are passkeys convenient to use?
  • 15:47 - What is WebAuthn, CTAP, and FIDO2?
  • 18:01 - What is a FIDO credential? What is the meaning of "passkey"?
  • 21:57 - At a high level, how do passkeys actually work?
  • 24:47 - What makes passkeys more resilient to phishing and data breaches?
  • 25:52 - How are passkeys backed up?
  • 27:15 - What happens if you forget that you made a passkey for a certain site?
  • 28:01 - Can you reuse passkeys?
  • 28:51 - Can passkeys be exported or transferred between password managers (passkey managers?)?
  • 31:44 - How do you use a passkey stored on your phone to login to a website on your PC (or vice versa)?
  • 35:50 - Is there a fallback method to support legacy devices? How long will passwords stick around?
  • 40:41 - Can you create a passkey for an existing account?
  • 41:28 - What will happen to physical security keys?

Learn more about passkeys at passkeys.dev and developers.google.com/identity/passkeys.

Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.


For more about Esper, visit us.


Our music is "19" by HOME and is licensed under CC BY 3.0.