PayPal is expanding access to passkey logins for Android users in the US, provided they access the website in the Chrome browser. The payment processor first introduced passkey logins for Apple computers and tablets running macOS Ventura and iPadOS 16 in October last year. Google hadn’t yet released stable passkey support for Android and Chrome at the time, but PayPal promised to make the password alternative available for other platforms and countries in the future.
In December of last year, passkeys were implemented in stable Chrome. Now PayPal is making good on its promise, with some limitations. The login option is not yet available in the payment processor’s Android app, and users can only turn it on if they are using Chrome on a device running Android 9.
The new authentication technology allows users to access supported websites and services without having to enter usernames and passwords. While it can use biometric authentication to verify a user’s identity, it’s not the same as current login technology that automatically populates login boxes using fingerprint or facial recognition. The technology creates a cryptographic key pair, one public and one private, that is associated with a user’s account. Apps and services that support passkeys use the public key to confirm a person’s identity by matching it against the private key, which is stored on the user’s device. As The Verge notes, some password managers can now also sync passkeys between devices.
To activate passkeys for PayPal on Android, eligible users must first log in the traditional way in a Chrome browser. Then, the option to “create a passkey” will appear, and they will be asked to verify their identity using their biometric data or their phone’s passcode. Once they’re done setting up, they’ll find that they no longer have to type anything to quickly verify PayPal purchases in Chrome. Passkeys also provide added security, as they are resistant to phishing. And because one key of the pair is kept on the user’s device, people’s login information won’t be compromised in the event of an app or service data breach.
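The key-pair login and the phishing and breach resistance described above can be seen in a small simulation. This is an added example, not PayPal's or Chrome's code: it is a simplified challenge-response in Node.js rather than the real WebAuthn message format, and the function names and the two origins are made up for illustration.

```javascript
// Added illustration: simplified passkey challenge-response (not real WebAuthn encoding).
const nodeCrypto = require('node:crypto');

// Device side: the private key stays on the device, tied to the origin it was created for.
function createPasskey(origin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { origin, publicKey, privateKey };
}

// Device side: sign the server's challenge together with the origin the browser actually sees.
function signAssertion(passkey, challenge, seenOrigin) {
  if (seenOrigin !== passkey.origin) return null; // no passkey for this site, nothing to sign
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin: seenOrigin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), passkey.privateKey);
  return { clientData, signature };
}

// Server side: holds only the public key; checks challenge, origin, then the signature.
function verifyAssertion(publicKey, expectedChallenge, expectedOrigin, assertion) {
  if (!assertion) return false;
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return false; }
  if (data.challenge !== expectedChallenge.toString('base64url')) return false;
  if (data.origin !== expectedOrigin) return false;
  return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
}

function demo() {
  const site = 'https://pay.example';           // constructed origin
  const lookalike = 'https://pay-example.test'; // constructed look-alike origin
  const passkey = createPasskey(site);
  const stored = passkey.publicKey;             // the only thing the server keeps
  const c1 = nodeCrypto.randomBytes(32);
  const c2 = nodeCrypto.randomBytes(32);
  const good = signAssertion(passkey, c1, site);
  const outsider = createPasskey(site);         // someone who saw only the server's database
  return {
    legit: verifyAssertion(stored, c1, site, good),
    phishing: verifyAssertion(stored, c1, site, signAssertion(passkey, c1, lookalike)),
    replay: verifyAssertion(stored, c2, site, good),
    breach: verifyAssertion(stored, c1, site, signAssertion(outsider, c1, site)),
  };
}
console.log(demo());
```

Only the first case succeeds: the look-alike origin gets no signature from the device, a captured response fails against a fresh challenge, and the stored public key alone cannot produce a valid signature.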