Would You like to Sign in to Websites/Apps Without Passwords?

How would you like to log in to some sites without your passwords?

This would save some of us the stress of having to remember different passwords. If you would like such an experience, the FIDO Alliance (an open industry association with a focused mission: authentication standards to help reduce the world's over-reliance on passwords) and Google have announced that Android, from version 7.0 up with the latest version of Google Play Services, is now FIDO2 certified. This means that developers can now write apps that use a phone's fingerprint sensor or a FIDO security key to authenticate users without making them type in a password.

Chrome, Microsoft Edge and Firefox already support this feature, as does Apple's Safari (but only in preview). On top of the convenience, FIDO2 also promises phishing-resistant security, as it will not allow you to authenticate on a malicious site.

 

“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks… Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”

-Christiaan Brand, Google Product Manager 

 

Although Android already supports password-less authentication for native apps, it will now also support it for browser logins. Once you have set up your authentication mechanism, your phone will store all of the cryptographic data on the device, and none of the raw data, the fingerprint for example, will be transferred to anybody else.

 

Figure: WebAuthn + CTAP flow

 

It’s worth noting that Android already supported password-less authentication for native apps, but now it’ll also support these for browser logins. Once you’ve set up this new authentication mechanism (and once web apps support it), your phone will store all of the cryptographic data on the device and none of the raw fingerprint data, for example, will be transferred to anybody else.

The Alliance says the new mechanism will soon enable a billion users on modern Android devices to experience password-less logins, and developers will have to implement support in their web and native applications.
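The phishing resistance mentioned above rests on server-side checks like the ones below, given here as an added Python example that is not part of the original article and is not FIDO Alliance or Google code. The browser records the origin it actually loaded and the authenticator hashes the site ID the key is scoped to, so a login relayed from a look-alike site fails at the real server. The host names, the `check_assertion` and `build_sample` helpers and the sample bytes are assumptions constructed for illustration; signature verification is a separate step and is not shown.

```python
import base64
import hashlib
import json

# Assumed relying-party settings (hypothetical values for this example).
RP_ID = "login.example.test"
EXPECTED_ORIGIN = "https://login.example.test"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: bytes) -> str:
    """Return "ok" or the reason a login assertion is rejected.

    Verifying the signature over authenticator_data + SHA-256(client_data_json)
    with the stored public key is a separate step, not shown here.
    """
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return "wrong type"
    # The browser, not the page's script, records the origin it really loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if client.get("challenge") != b64url(expected_challenge):
        return "challenge mismatch"
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        return "authenticator data too short"
    # Bytes 0-31: SHA-256 of the RP ID the credential is scoped to.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    flags = authenticator_data[32]
    if not flags & 0x01:  # bit 0: user present
        return "user not present"
    if not flags & 0x04:  # bit 2: user verified, e.g. by fingerprint
        return "user not verified"
    return "ok"

def build_sample(origin: str, rp_id: str, challenge: bytes, flags: int = 0x05):
    """Constructed stand-in for what a browser and authenticator would send."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + bytes(4)
    return client_data, auth_data

if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server uses a fresh random value
    print(check_assertion(*build_sample(EXPECTED_ORIGIN, RP_ID, challenge), challenge))
    lookalike = "login.example-test.invalid"  # constructed look-alike host
    print(check_assertion(*build_sample("https://" + lookalike, lookalike, challenge), challenge))
```

The only trace of the fingerprint that reaches the server is the single "user verified" flag bit, which matches the article's point that raw biometric data stays on the phone.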

Opeyemi Olugbemiro
