- Android users will soon be able to log in to apps and online platforms without using ‘traditional’ passwords.
- The FIDO2 certification brings security keys and biometric authentication for Android 7.0 and above.
- The new API calls will be made available to the developers, and soon, we will enjoy the first FIDO2-compatible apps.
The FIDO Alliance and Google have announced that Android 7.0 and later is now FIDO2 certified, which means that over a billion users will now be able to utilize their device’s biometric sensors such as the fingerprint sensor or the camera, or simply use FIDO (Fast IDentity Online) security keys. This essentially makes the use of passwords obsolete, freeing people from having to frequently change and input complex passphrases, remember them, or use password managers that are not as secure as biometric data. The announcement was made in Barcelona, and during the FIDO MWC 2019 presentation, getting Android users around the world excited.
.@Google has certified its @Android platform for #FIDO2. This means any devices running Android 7.0+ are ready for secure passwordless #authentication via #biometrics based on the @w3c #WebAuthn/FIDO2 specs — either out of the box or via updatehttps://t.co/WYjH9ZJvSx pic.twitter.com/Qgo0xLIPoY
— The FIDO Alliance (@FIDOAlliance) February 25, 2019
The Product Manager of Google, Christiaan Brand, has stated the following: “Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure key-stores across devices in order to build convenient biometric controls for users.”
Brett McDowell, the Executive Director of the FIDO Alliance has said: “FIDO2 was designed from day one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices, and services we use every day. With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”
Passwordless authentication across Android is not only bringing convenience to the users but also a higher level of security. The FIDO2 specification unites WebAuthn and CTAP, enabling the user to authenticate on apps and online services by using FIDO security keys. The biometric data that is captured by the sensors is hidden behind a layer of strong cryptographic encryption, so the chances of losing your credentials to a “Man-in-The-Middle” attacker or a phishing actor are brought down to zero.
What remains now is to have developers use the relevant API for the FIDO authentication, and hopefully, we’ll start seeing a lot of effort on this front soon. Device manufacturers will also add a “FIDO Certified” logo on their products, blazoning this new security feature as the next-gen user authentication technology, which of course it certainly is. The FIDO standards are only now starting to take up on popularity and adoption, and this Android certification is probably the most significant so far and one that will raise public awareness on how security keys and biometric data should be used.
Are you excited about Android’s FIDO certification, or are you planning to still use passwords when the authentication framework becomes available? Let us know where you stand in the comments section beneath, and don’t forget to check out our socials on Facebook and Twitter, where fresh tech news are posted daily.