DBSC (Device Bound Session Credentials) has started its second origin trial on Chrome .

DBSC is a browser mechanism that allows websites to bind session credentials such as cookies to a device so that it can mitigate chances for cookie thefts. In this origin trial, we have changed some header names, jwt schema, http status and so on. With origin trial, you can allowlist your website domain to enable the feature.

Learn more from: https://developer.chrome.com/blog/dbsc-origin-trial-update

Chrome for Android can now help users adopt passkeys more seamlessly.

If a user signs in with a saved password, your website can request that Google Password Manager (GPM) create a passkey automatically using a WebAuthn API feature called "Conditional Create". Chrome does not interrupt the user. After creation, Chrome shows a brief confirmation and a Manage button that opens the new passkey in Google Password Manager settings. Users can turn this feature off in Google Password Manager settings.

This feature has been available on Chrome desktop, but it's now available on Android too!

Learn more: https://developer.chrome.com/blog/automatic-passkey-creation-android

Digital Credentials API is now available on Chrome!

Thanks everyone for participating in and sending feedback to the Digital Credentials API origin trial. After some refinement, we've successfully shipped Digital Credentials API on Chrome starting in its version 141.

With Digital Credentials API, users can prove their identity using a digital credential served from one of digital wallets they have, such as Google Wallet. These credentials are carefully designed so only necessary part can be presented, for example, age verification is possible without revealing the birth day.

Continue to the announcement to learn more:
https://developer.chrome.com/blog/digital-credentials-api-shipped

Excited to be speaking at FIDO Alliance's Authenticate US 2025 with my amazing colleague Niharika Arora about "𝐖𝐡𝐚𝐭’𝐬 𝐧𝐞𝐰 𝐨𝐧 Google 𝐩𝐥𝐚𝐭𝐟𝐨𝐫𝐦s 𝐟𝐨𝐫 𝐏𝐚𝐬𝐬𝐤𝐞𝐲𝐬"
https://authenticatecon.com/event/authenticate-2025/

Happy to catch-up if you are joining and discuss all Identity things!

Excited to be delivering State of identity and authentication on the web at Web Directions Developer Summit in Sydney (and online) November 19 and 20, and I'd love to see you there.
https://webdirections.org/dev-summit/speakers/eiji-kitamura.php

Get $200 off in person with the code "eijidevsummit25" and $100 off a streaming ticket with the code "eijidevsummit25streaming".

Learn more at https://webdirections.org/dev-summit , and hope to see you there!

Passkeys on Google Password Manager are now available on iOS and iPadOS.

Chrome on iOS 17 or later now supports creating and saving passkeys directly to Google Password Manager, ensuring they synchronize seamlessly with other platforms linked to the same Google Account. This change means Chrome with the same signed-in profile can synchronize passkeys on the Google Password Manager across all platforms and devices.

To use passkeys on Google Password Manager on iOS 17 or later, set Chrome as an autofill provider in Settings.

Learn more: https://developer.chrome.com/blog/passkeys-gpm-ios

Keeping passkeys consistent between the password manager and the server is a key for great sign-in experience. For example, if a user deletes a credential on the server, an attempt to sign in with the associated passkey will fail and the user will have no clue what's going on.

Websites can solve this problem with Signal API. It can signal information about passkeys so that the password managers can keep them consistent with the server.

Chrome desktop and Google Password Manager start to support Signal API from 132 which is currently in beta. Chrome on Android will support it later.

Learn more: https://developer.chrome.com/blog/passkeys-signal-api

Digital Credentials API is a new web platform API that allows websites to selectively request verifiable information about the user through digital credentials such as a driver's license or a national identification card stored in a digital wallet.

Learn more and sign up for an origin trial:
https://developer.chrome.com/blog/digital-credentials-api-origin-trial