[MUSIC PLAYING]

KATERYNA SEMENOVA: Hi, I'm
Kateryna, a Developer Relations Engineer with Android.

GINA BIERNACKI: And
I'm Gina, a Product Manager with Google Identity. Today, we'll tell you about our
latest authentication solutions for Android that are designed
to help you simplify sign-up and sign-in for your apps. Then we'll share some holistic
cross-platform identity best practices with you. Let's get started. Most people need
to manage accounts across multiple apps, websites,
devices and platforms. For developers, sign-up
and sign-in flows are among the most critical
user journeys for your app. We know it's important for
you to make these actions as seamless as
possible while ensuring the highest bar for security.

KATERYNA SEMENOVA: We
understand the friction that your users can have
with creating accounts, and we all know how difficult
it can be to remember passwords. And don't even get me
started on signing back into apps on a new phone. Problems such as
account recovery, fraud, and duplicate account
creation are also things that your users
may have to deal with. In the Data Breach
Investigation report by Verizon, they stated that social
engineering attacks are often very effective and extremely
profitable for cyber criminals. 74% of all breaches
include the human element, and 80% of breaches are
linked to passwords.

GINA BIERNACKI: And
for all developers, managing identities can be
extremely challenging as well. Getting correct and
complete contact information from your users, verifying
an email address, and preventing
duplicate accounts, while ensuring a high
bar for user privacy, are all significant challenges. Getting your users to
create strong passwords and storing those
passwords securely, guarding against new and
future vulnerabilities, complying with
regulatory requirements, and ensuring the
sign-in flow doesn't get in the way of your user
experience are just a few of the things you're
probably thinking about.

KATERYNA SEMENOVA: With
all those things in mind, we'll share with
you how Google can help you solve these problems
with your apps in a way that will scale across platforms. These solutions will help
you to move towards a future without passwords. First, I'll tell you about
Android's Credential Manager API and the latest features
and improvements we are making. I'll show how
Credential Manager will help you provide a more
convenient authentication experience for your users. After that, Gina will
speak to broader solutions from Google that
can help you build seamless cross-platform
identity strategies.

[MUSIC PLAYING]

Credential Manager is
the Jetpack library you should use to allow your
users to sign up and sign in on Android. The Credential Manager
API provides a simple user experience by consolidating
passkeys, Sign-In with Google, and passwords in one
single interface. To reduce complexity,
the system automatically shows the most secure and
relevant login option, and users always have a choice
to select the sign-in method. Using multiple APIs to build
different sign-in methods can be a real challenge. To simplify integration
and ongoing maintenance, Credential Manager supports all
of these authentication methods in a single Jetpack library. Credential Manager is generally
supported on Android 4.4 and higher, and passkeys
are supported on Android 8.9 and higher. One of the primary advantages
of Credential Manager is its support for
passkeys authentication. With passkeys, users can
sign in to apps and websites using the device screen lock. It could be a fingerprint,
facial recognition, a PIN, a pattern, or another
screen lock method. It's something users know and
use repeatedly on their devices. This provides a faster
and more convenient sign-in experience,
freeing your users from having to
remember usernames and passwords for each app. In addition, passkeys are
more secure than passwords. They are based on
public key cryptography, and they reduce the
risk of phishing attacks and make it more
difficult for accounts to be compromised or breached. Passkeys are built
on the WebAuthn standard and supported by all major phone
platforms and operating systems. Passkeys are synchronized
between users' devices via credential providers such
as Google Password Manager. So even if they
lose their device, they won't lose access
to their credentials. The Credential Manager API
is a preferred solution to implement Sign-In with
Google in your Android apps. Sign-In with Google allows
users to use the existing Google account to sign in or sign
up seamlessly into your app. Credential Manager fully
supports the familiar One Tap flow so users can sign up or
sign in with just a single tap. And for helping this device
migration, Sign-In with Google also supports auto sign-in
for returning users. When is auto select
allowed is set, users sign in automatically
on a new device. Let's look at the feedback from
apps that integrated Credential Manager and passkeys last year. Last year, Amazon
integrated passkeys into its Android shopping app
and corresponding website. Amazon shared that,
"With passkeys, our customers are finding it
easier to sign in, compared to passwords and codes." Dashlane is a password
management tool that provides a secure way
to manage user credentials. Dashlane sees a 70% increase
in conversion rate for signing in with passkeys,
compared to passwords. TikTok has more than one
billion users around the world. TikTok users log
in 17 times faster with passkeys than
with other methods. After adopting Credential
Manager, TikTok developers saw
additional benefit when implementing
Sign-In with Google, which significantly improved
the overall login success rate. And let's look at
another example. Kayak, one of the leading
travel search engines, helps users to find the best deals
on flights, hotels, and rental cars. Last year, Kayak
integrated passkeys into its Android and web apps. As a result, Kayak
reduced the average time it takes the users
to sign in by 50%, and also saw a decrease
in support tickets. In addition to passkeys,
Kayak offers users Sign-In with Google as the
cross-platform solution for account creation
and authentication. The majority of Kayak's users
prefer Sign-In with Google due to its seamless
and secure user flow. Many apps have already
seen significant benefits after integrating the
Credential Manager API. We are excited to bring
even more capabilities to the Credential
Manager this year. To simplify the passkeys
user experience even further, we are enabling a
single tap key sign-in by merging the Account Selector
and the biometric prompt. This way, the user
will just need to use their face, finger,
or other screen lock and they will be logged in. This improvement will be
automatically supported in new versions of
Credential Manager on Android 15 and higher,
requiring no additional work for developers. Users may accidentally dismiss
the Credential Manager account selector. To make sure that
those users will be able to sign in with their
passkey, Sign-In with Google, or passwords, Credential
Manager options will be shown in
autofill services. Your users will see the
saved credentials in keyboard suggestions or when they are
clicking on a relevant input field during sign-in. This feature will be
available in Android 15. Now let's talk about
authentication on a new device. We have mentioned before
that Sign-In with Google supports Auto Sign-In
for returning users. But how about passkeys? For passkeys, we are introducing
a new Restore Credentials feature that will allow your
users to automatically restore their signed in
state for your app without needing to open
the apps one by one. This feature will be available
on phones and tablets via Credential Manager
API later this year. So how will users
experience this feature? On an Android phone, when
a user signs in to your app, the app creates a restore
key via Credential Manager. If the user has
cloud backup enabled, the encrypted restore key
can be stored in the cloud. When the user
purchases a new device and goes through
the restore flow, apps and data are restored
on the new device. Your app then
requests the restore key without any user interaction. The restore key is
decrypted and used to automatically sign
in on a new device. We are also happy to announce
that Credential Manager is coming to Wear OS. With this integration,
you can sign in using your passkeys,
Sign-In with Google, and passwords right
from your watch. And it also provides support
for third-party credential providers, such as Dashlane. You can start working with this
feature in the various five quarterly platform release. In addition to passkeys, Sign-In
with Google, and passwords, Credential Manager is expanding
to support digital identities. Digital identities
are a digitalized form of your physical
identity documents, such as your driver's
license, your passport, or your membership cards. These IDs are stored in digital
wallet apps on your device. Credential Manager provides
developers with an API that allows your users
to share these IDs from their digital wallets
with the apps that need them. Over the next few years, we are
going to see tons of new ways to use this
technology, including things like identity
verification and account recovery.

GINA BIERNACKI:
Thanks, Kateryna, for the deep dive on our
latest Android offerings. Building on the foundation of
Credential Manager and passkeys, let's explore some of the
best practices you can follow to implement a smooth and secure
sign-up and sign-in strategy that works across all platforms,
including Android, iOS, and the web. The first best practice is to
reduce the reliance on passwords for a safer user experience. This can be achieved by
replacing the usage of passwords with using passkeys and
Sign-In with Google. Sign-In with Google provides
the lowest-friction sign-up and sign-in experience, but
may not solve for all use cases where passwords are used,
while implementing passkeys gives you a seamless sign-in
without relying on passwords for all of your user accounts. And together, they increase
convenience and security of sign-up and
sign-in for your users. For friction-free account
sign-up on all platforms, we recommend integrating
with Sign-In with Google. Sign-In with Google
works cross-platform on Android, iOS,
and web so you can be sure your users can
access your app regardless of device or service. You can meet your users
wherever they are. Sign-In with Google extends
the world-class security of your user's Google account
to all of their online accounts and allows them to sign
up or sign into your app with a single click
on any platform. Users get safe One Tap
access to services online using their Google account. And developers get
trusted account attributes from Google, such as
verified email address, to streamline account creation. This is done through
clear user consent, upholding strong principles
to respect user privacy. Let's take a look at
results from a developer who has implemented
Sign-In with Google. Indeed integrated
Sign-In with Google and saw a dramatic increase
in sign-in conversion. Today, over 50%
of Indeed's users prefer to use
Sign-In with Google over other types of
authentication solutions, due to its seamless
and secure user flow. Furthermore, Indeed is able
to capture verified user information with user consent,
which enhances the ability to engage and communicate
directly with customers-- key attributes that
are even more valuable given upcoming changes
on the Chrome browser. Sign-In with Google and
passkeys are two options that will help you
move toward a safer and smoother authentication
that doesn't rely on passwords. Second, ensure your team
is thinking cross-platform for your user experience. Identity works most seamlessly
when it is consistent for your users, regardless
of their platforms of choice. As users increasingly move
multi-device and cross platform, full support ensures
that they don't need to remember and
maintain additional passwords and factors. Across all the
platforms you work with, we have Sign-In with Google SDKs
to simplify the implementation for your development team. These SDKs include integrations
with Android's Credential Manager API, the new Federated
Credential Manager web API implemented by
Chrome, and they provide a seamless experience on iOS. For passkeys, users who utilize
Google Password Manager today can already sync their passkeys
across Android devices, and will soon be able to sync
across Apple, Windows, Chrome OS devices via Chrome. For developers with
both apps and websites, you can reduce user friction
by using the same passkey across surfaces. To do this, you should set up
a relationship between domains and apps to allow for the
use of passkeys and passwords across all your surfaces. For Android apps, we recommend
using digital asset links, and for iOS apps, we recommend
using associated domains. To learn more about
implementing Sign-In with Google for your applications
on all platforms, see the link in the
description below. And if you haven't
already, please ensure you implement and
migrate to the latest Sign-In with Google SDK on each platform. You'll be providing your
users with the most effective offerings available
wherever they use your app. Third, if you want additional
security enhancements to your Sign-In with
Google implementation, we recommend adding
cross-account protection to your platform. With cross-account
protection, Google can share critical
security notifications about account changes,
such as account disables and token revocations,
with apps and services you've connected to your
users' Google account. Cross-account protection is part
of the OpenID Shared Signals and Events Framework. You can benefit from
Google's huge investment in protecting account
takeovers and receive updates to the security of your account
to help keep your users safe online. Fourth, create user
flows and user journeys that help with
account management to reduce duplicate
accounts for your users. Duplicate accounts are
a problem for everyone. Our features are designed to
prevent duplicate accounts by helping users quickly
create a logged in session using an existing credential. By using Credential Manager on
Android and FedCM on Chrome, the OS and browser
will help users remember their
last sign-in method and make it easier
for users to return. For Sign-In with
Google on Android, ensure that you are filtering
for authorized accounts so that only previously
linked accounts are shown to the user in
Credential Manager. If no accounts are returned,
you can make a second call without filtering to
allow for easy sign-up. On the web, Sign-In with
Google's personalized button, One Tap, and Auto
Sign-In functionality will also help with
sign-in method recall. On your backend platform,
during account creation, you can use the unique
Google account ID and email address within the ID token
to check for existing accounts to avoid the creation
of duplicate accounts. By using a
combination of Sign-In with Google and passkeys,
users can recover their account more easily, often
without needing to enter a username, password,
or click on a verification link. Fifth, reduce the complexity
for your users to improve sign-up and sign-in rates. According to feedback
from partners, both passkeys and
Sign-In with Google have been shown to improve
sign-up and sign-in flow completion rates. Use Sign-In with Google for
sign-up and both Sign-In with Google and passkey
for returning user sign-in. Features such as One Tap
and Automatic Sign-In will help you improve
your conversion rates. We recommend putting
these features on both your main
dialogue and leaf pages. This allows users
to sign up and sign in in the context
of your website without having to navigate away
from their current journey. Platform APIs, such as
Android Credential Manager and Chrome's FedCM, will
further improve rates with seamless unified flows. Last, ensure your
implementation meets your organization's current
and upcoming compliance requirements. As global standards and
requirements evolve, Google builds our
developer offerings with global compliance in mind. Our goal is to help
you operate globally with minimal disruption. For example, on Chrome,
we now have a solution for seamless flows without
third-party cookies with the FedCM API, all while
minimizing disruption to developers. Additionally, with
Sign-In with Google, you can customize
your implementation for localization and
accessibility needs. Millions of businesses,
educational institutions, nonprofit organizations
manage the Google accounts of their members. Through Workspace policies,
Sign-In with Google can provide verified
organizational data for an account, unlocking
valuable use cases, such as identity and access
management, community building, and subscription granting. For example, developers
can use the domain to help users find
their company's content or take advantage
of a site license.

KATERYNA SEMENOVA:
And that's it. Our aim is to simplify the way
developers interact with Android and Google Identity solutions,
and help users seamlessly and securely access their
accounts across Android apps and websites. Our goal is to provide
features and tools that support the Android developer
community in building more secure apps.

GINA BIERNACKI: On
Android, implement Credential Manager for a
unified user experience and improved sign-up and
sign-in for your users. Implement passkeys instead of
passwords for safer sign-in. Implement Sign-In with Google
for streamlined sign-up and sign-in on all platforms.

KATERYNA SEMENOVA: We
appreciate your time today. Check the video description
to find more resources on how to improve sign-in and
sign-up flows in your apps. Thank you.

[MUSIC PLAYING]