Android Phones Get FIDO2 Certification for Password-Free Logins

Share on Facebook Tweet Share Reddit Comment
Android Phones Get FIDO2 Certification for Password-Free Logins

FIDO2 certification arrives on Android

Highlights
  • Android phones now allow fingerprint log-in for apps and websites
  • Apps and websites can enable this ability using an API
  • This feature will only work on phones running Android Nougat and above

Android is now FIDO2 certified, which means apps and websites that support the standard can allow users to log in using fingerprint or a physical security key. For this to work, the device must run on Android version 7.0 Nougat and above, and the app must be FIDO certified - an open standard developed by the FIDO Alliance. For those compatible devices that do not come with fingerprint authentication, a security pin or pattern can be used for signing-in purposes, instead of lengthy and complicated passwords.

FIDO Alliance has announced that Android is now FIDO2 certified, which means "any compatible device running Android 7.0+ is now FIDO2 Certified out-of-the-box or after an automated Google Play Services update. This gives users the ability to leverage their device's built-in fingerprint sensor and/or FIDO security keys for secure passwordless access to websites and native applications that support the FIDO2 protocols." Most apps and websites require a password to log in, however apps and website that support FIDO2 will let you ditch the password entering process, and just use your fingerprint to gain access to your account.

Even if you are running on the latest Android version, it isn't necessary that you will see all apps and website providing you access through fingerprint. Only supporting apps and websites, like those who rely on WebAuth standard, will let you use the seamless login feature. Several bank apps already allow this and now we can expect more apps to roll out this feature.

The organisation notes that Web and app developers can now add FIDO authentication to their Android apps and websites through a simple API. It claims that FIDO2 is backed by strong cryptographic security that is transparent to the user and protects against phishing, man-in-the-middle and attacks using stolen credentials.

"Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today's announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardised way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users," said Christiaan Brand, Product Manager, Google.

There's still a huge amount of devices that won't be able to use this feature, as Google's Android distribution dashboard suggests that almost 50 percent of Android phones still run on Android 6.0 Marshmallow and older, as of October 2018.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Android, FIDO2
Tasneem Akolawala When not expelling tech wisdom, Tasneem feeds on good stories that strike on all those emotional chords. She loves road trips, a good laugh, and interesting people. She binges on movies, sitcoms, food, books, and DIY videos. More
Samsung Galaxy S9, Galaxy S8 Users Report Battery Drain Issue Following Android 9 Pie Update
Facebook's Senior Officials Said to Appear Before Parliamentary Panel on March 6
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.