Google has moved to improve the security of its Android mobile platform with the news that the operating system’s latest versions are now certified for use with the FIDO2 standard for passwordless user identification.
A new update to Google Play Services means that all devices running version 7.0 or later – which amounts to more than a billion gadgets worldwide – will be able to log in users to compatible websites and apps using biometrics or two-factor authentication, rather than relying on a passcode.
Developers can add FIDO’s strong authentication to their Android apps and websites with a simple API call, thereby reducing the risks posed by insecure and compromised passwords, which continue to be one of the biggest security challenges for many businesses.
FIDO, or Fast Identity Online, is a consortium that aims to improve authentication techniques and address issues such as a lack of standardisation and interoperability between services.
Brett McDowell, executive director of the alliance, said: “FIDO2 was designed from day one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO authentication capabilities has grown dramatically and decisively.”
The standard allows users to access their apps or websites by confirming their identity with their phone’s fingerprint scanner or facial recognition tools, or pair it with a third-party dongle such as a YubiKey in order to avoid the use of passwords.
Christiaan Brand, product manager at Google focused on identity and security, told Wired the firm has been working with FIDO for a while, with a particular focus on tackling phishing, which he described as one of the biggest authentication issues on the web today.
“The natural evolution was looking toward FIDO2,” he said. “Customers are already used to using these sensors on the device for authenticating into applications every day, so how do we make that technology available to websites?”