The FIDO Alliance isn't a fan club for dogs, but a consortium of big tech companies that's trying to make authentication more secure. The Alliance has a lofty goal: To kill the password and replace it with something better. Enter the passkey.

You've probably read a blog post or two about it, but you may be wondering what the fuss is all about. We invited two of the foremost experts on the topic to join us on Android Bytes and explain how passkeys work and why we're better off without passwords.

Christiaan Brand is a Product Manager on Identity and Security at Google and Tim Cappalli is an Identity Standards Architect at Microsoft.

• 03:09 - What's wrong with passwords?
• 05:17 - How did we get to passkeys?
• 07:47 - How do passkeys reinvent authentication?
• 11:50 - What is the FIDO Alliance?
• 14:38 - Are passkeys convenient to use?
• 15:47 - What is WebAuthn, CTAP, and FIDO2?
• 18:01 - What is a FIDO credential? What is the meaning of "passkey"?
• 21:57 - At a high level, how do passkeys actually work?
• 24:47 - What makes passkeys more resilient to phishing and data breaches?
• 25:52 - How are passkeys backed up?
• 27:15 - What happens if you forget that you made a passkey for a certain site?
• 28:01 - Can you reuse passkeys?
• 28:51 - Can passkeys be exported or transferred between password managers (passkey managers?)?
• 31:44 - How do you use a passkey stored on your phone to login to a website on your PC (or vice versa)?
• 35:50 - Is there a fallback method to support legacy devices? How long will passwords stick around?
• 40:41 - Can you create a passkey for an existing account?
• 41:28 - What will happen to physical security keys?

Learn more about passkeys at passkeys.dev and developers.google.com/identity/passkeys.

Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.

• Mishaal's Twitter
• David's Twitter

Esper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more.

For more about Esper:

• Esper Blog
• Mobile Device Management (MDM) Guide
• Android MDM Guide
• iOS MDM Guide
• MDM Solutions
• MDM APIs & SDK

New from the Esper blog:

• Edge AI

It's dangerous to go alone! Take us with you!

In this episode, we're joined by our very own Jon West and Nikhil Punathil at Esper to discuss a key part of what we do here — getting AOSP up and running on ARM and x86 hardware. If you want to port AOSP, it's not as easy as just compiling an image from Google's git repos and slapping it onto a device.

• 05:59 - What is a device bring-up? What are some of the challenges in doing a bring-up?
• 10:58 - How do AOSP developers deal with a lack of kernel source code?
• 18:16 - How did Project Treble affect building AOSP?
• 26:54 - How does Android on x86 differ from Android on ARM?
• 29:48 - What problem does the Generic Kernel Image try to solve?
• 35:22 - How long does Google support a particular AOSP release? What can AOSP developers do once support has ended?

Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.

• Mishaal's Twitter
• David's Twitter

Esper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more.

For more about Esper:

• Esper Blog
• Mobile Device Management (MDM) Guide
• Android MDM Guide
• iOS MDM Guide
• MDM Solutions
• MDM APIs & SDK

New from the Esper blog:

• Edge AI
• Edge devices & edge computing

Our music is "19" by HOME and is licensed under CC BY 3.0.

As a manufacturer, building an Android phone to the spec you want has its challenges and costs. You need to deal with dozens of regulatory agencies and standards bodies as well as (shudder) work with carriers if you want a chance at making a splash with a new product.

From assembly to testing to retail, OSOM Privacy is chugging along as it prepares to launch its first smartphone, and we're glad to have co-founder/CEO Jason Keats and chief product officer Gary Anderson join us again for a special, extended, freewheeling episode of Android Bytes.

• 03:33 - 05:40 - Trademark secrecy, gatekeeping IMEI numbers
• 05:43 - 07:32 - Certifying with the FCC (and other telecom agencies)
• 07:34 - 13:40 - Bluetooth, WiFi, 4G, 5G, USB, and other certifications
• 13:41 - 16:08 - IP ratings
• 16:10 - 18:00 - Making a phone "unbreakable", or at least ruggedized (MIL-STD-810)
• 18:07 - 23:35 - Drop tests, glass durability, and foldables
• 23:38 - 26:17 - How to navigate the confusing mess of certifications
• 27:00 - 32:07 - Pre-production hardware, EVTs, DVTs, etc.
• 32:08 - 42:12 - Factory software provisioning, tooling, and signing
• 44:26 - 50:06 - Cellular band support, VoLTE, and carrier certification
• 50:10 - 52:30 - Why shipping phones in Japan, India, Russia, and Brazil is costly
• 52:33 - 55:55 - Carrier software requirements
• 55:57 - 59:30 - Widevine DRM, Netflix certification, and RSAs for preloads
• 1:05:52 - 1:08:03 - Buttons, ports, and a future without them

Android Bytes is hosted by Mishaal Rahman, Senior Technical Editor, and David Ruddock, Editor in Chief, of Esper.

• Mishaal's Twitter
• David's Twitter

Esper enables next-gen device management for company-owned and managed tablets, kiosks, smart phones, IoT edge devices, and more.

For more about Esper:

• Esper Blog
• Mobile Device Management (MDM) Guide
• Android MDM Guide
• iOS MDM Guide
• MDM Solutions
• MDM APIs & SDK

New from the Esper blog:

• Edge AI
• Edge devices & edge computing

Our music is "19" by HOME and is licensed under CC BY 3.0.