Google aims to move beyond passwords with Android FIDO2 certification
Google has moved to improve the security of its Android mobile platform with the news that the operating system’s latest versions are now certified for use with the FIDO2 standard for passwordless user identification.
A new update to Google Play Services means that all devices running version 7.0 or later – which amounts to more than a billion gadgets worldwide – will be able to log in users to compatible websites and apps using biometrics or two-factor authentication, rather than relying on a passcode.
Developers can add FIDO’s strong authentication to their Android apps and websites with a simple API call, thereby reducing the risks posed by insecure and compromised passwords, which continue to be one of the biggest security challenges for many businesses.
FIDO, or Fast Identity Online, is a consortium that aims to improve authentication techniques and address issues such as a lack of standardisation and interoperability between services.
Brett McDowell, executive director of the alliance, said: “FIDO2 was designed from day one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO authentication capabilities has grown dramatically and decisively.”
The standard allows users to access their apps or websites by confirming their identity with their phone’s fingerprint scanner or facial recognition tools, or pair it with a third-party dongle such as a YubiKey in order to avoid the use of passwords.
Christiaan Brand, product manager at Google focused on identity and security, told Wired the firm has been working with FIDO for a while, with a particular focus on tackling phishing, which he described as one of the biggest authentication issues on the web today.
“The natural evolution was looking toward FIDO2,” he said. “Customers are already used to using these sensors on the device for authenticating into applications every day, so how do we make that technology available to websites?”
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.