Google accelerates the end of passwords: what are the 'passkeys' that will put an end to them on Android?

Google has introduced a new feature on Android that will automatically convert passwords into Passkeys , a more secure and easy-to-use authentication system. The move aligns with the company's other recent initiatives aimed at strengthening its users' digital security, including AI-powered warnings about malicious notifications and a critical update to Chrome .

Remember the last time you forgot a password or discovered it had been compromised in an attack? Now imagine never having to remember one again. With the new Android update, Google is taking a decisive step toward making that future a reality. But what does it mean when your credentials are automatically changed without your permission? Are we ready to delegate this control to automated systems?

As zero-touch attacks and massive password breaches become more frequent, the need to strengthen security is urgent. Android's new feature not only responds to that demand but also anticipates the future of digital authentication.

According to a code review conducted by Android Authority, this new feature is currently in beta within Google Play Services (version 25.19.31) and will allow the Android password manager to automatically update credentials without explicit user intervention , provided the website or app supports passkeys. Users will have the option to disable this feature if they prefer to stick with traditional passwords.

For years, passwords have been considered the weakest link in the cybersecurity chain. They are easy to forget, susceptible to leaks, and, in many cases, predictable. Faced with these limitations, passkeys —a form of authentication based on open standards like FIDO2— represent a solution that eliminates the need to write down or remember passwords.

Unlike traditional passwords, passkeys use a system of cryptographic keys linked to specific devices, such as a mobile phone or computer. Authentication is performed using a fingerprint, facial recognition, or a local PIN , without transmitting sensitive data over the network.

Google, along with other technology companies such as Apple and Microsoft, has been one of the driving forces behind this standard. In this context, the automatic transition from passwords to passkeys on Android is presented as a consistent and expected move.

According to information revealed by Android Authority, Android's built-in password manager will begin converting stored credentials into passkeys without explicit user approval. This option will be enabled by default, although it can be disabled in the system settings.

This change is currently in beta within Google Play Services, version 25.19.31, and is now available to some users. It will work as follows:

• If a website or app supports passkeys , the system will automatically detect that possibility.
• The traditional password will be replaced by a locally generated and securely stored cryptographic key.
• The process will not require user interaction, although it can be configured to maintain manual control.

The intention is to simplify the transition to a more robust technology, without requiring active user intervention or manual migrations.

One of the most significant aspects of this update is its focus on silent automation. Google aims to enable the average user, who often doesn't change their habits until forced, to seamlessly adopt more secure technology. Convenience and protection converge in a solution that reduces vulnerabilities and improves the overall experience.

However, this automation also raises questions. What about users who want full control over their authentication? What guarantees are there that the conversion will be error-free or without compromising credentials?

From a cybersecurity perspective, experts agree that passkeys are a substantial improvement. But like any technological innovation, it requires a process of adaptation, both technical and cultural.

The context in which Google is launching this feature is no coincidence. Currently, it's estimated that more than 19 billion compromised passwords are circulating on criminal forums . This figure not only reveals the magnitude of the problem, but also the need for systemic change.

Furthermore, the frequency of attacks that require no user interaction—that is, attacks that can infect a device without a single click—reinforces the urgency of adopting stronger authentication mechanisms. In this scenario, waiting for the user to take the initiative is no longer a valid strategy.

With this update, Google is acting preventively and proactively. Its goal is clear: to reduce dependence on an outdated and insecure system and facilitate the adoption of more robust technologies.

An additional question raised by this evolution is the future role of password managers. Companies like 1Password, Dashlane, and LastPass have begun integrating support for passwords , adapting to the new paradigm. But as the operating system assumes these functions natively, their relevance could be reduced.

Google's integration of automatic conversion into its own ecosystem strengthens its position in the digital identity management space. Competition won't disappear, but it will change shape. What was once an indispensable application could become a system feature.