• Home
  • Internet
  • Internet News
  • Google Begins Rollout of Local Fingerprint, PIN Based Authentication for Web Services on Android Phones

Google Begins Rollout of Local Fingerprint, PIN-Based Authentication for Web Services on Android Phones

The feature is now live on stable Android Pie as well as Android Q beta build.

Share on Facebook Tweet Share Reddit Comment
Google Begins Rollout of Local Fingerprint, PIN-Based Authentication for Web Services on Android Phones

The password-free login feature is only available for Pixel smartphones as of now.

Highlights
  • Pixel smartphone users should have a linked Google account
  • All log-in details are stored locally for added security
  • Only a yes or no response is relayed to validate the log-in

Android gained FIDO2 certification to enable password-free login for compatible apps and services earlier this year, following Google Chrome's newly added compliance for the WebAuthn API. But, what was the objective? Well, the purpose was to let users sign in to a Web service by using the fingerprint sensor or local password of their Android phone, and this is now finally a reality. Google has started rolling out support for FIDO2-based local user verification for Google Accounts, which means users can now sign in to a web service by using the fingerprint sensor or the PIN of their supported phone, instead of remembering a complex password.

Google has announced via a blog post that users can now verify their identity for Google services by using the fingerprint sensor, PIN or pattern lock of their supported Android smartphones. As of now, the feature is available only on Pixel smartphones and will soon be rolled out to more Android phones running version 7.0 (Nougat) or a higher build of Google's operating system. Currently, Pixel phone users can visit Google's password manager dashboard and tap on any of the websites or services listed on the page to check the new interface.

On the authentication page, users will see the option to either use their fingerprint sensor or enter the PIN/pattern lock of their Android phone for dentity verification. However, users must have their linked Google account already signed in on their compatible Pixel phones. Once the login is verified, users can access the password reset page of the selected web service. We tried this streamlined authentication approach on the first-gen Pixel phone running stable Android Pie and the Pixel 3 running Android Q Beta 6, and found it to be working.

This approach is more secure, as it relies on the local authentication protocol such as fingerprint sensor or PIN to verify the user's identity and just relays a yes/no response to the web service's server, instead of sending over the password itself, thus reducing the risk of interception by malicious parties.

The local verification based on biometrics employs the FIDO2 standards - which was made official for Android earlier this year - and will be rolled out for more web services and devices soon. The whole authentication system has been made possible by the adoption of WebAuthn APIs, that are aimed at reducing the need for a password for logins and eventually protecting users against phishing.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Google, FIDO2, WebAuthn API
Nadeem Sarwar Aside from dreaming about technology, Nadeem likes to get bamboozled by history and ponder about his avatars in alternate dimensions. More
HTC to Launch New Smartphone in India on August 14, Flipkart Reveals
Chandrayaan-2 to Leave Earth Orbit Tomorrow After Trans Lunar Insertion
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.