Google makes it easier for web and app developers to use the biometric sensor as a login mechanism. FIDO 2 will work on devices with Android 7.0+ and the Google Play Store.
The next time you log into an Android app, a fingerprint sensor alone might do the trick.
Google on Monday made it easier for web and app developers to use the biometric sensor as a login mechanism by rolling out support for a new login standard for Android called FIDO 2.0.
The new standard represents a tech industry effort to move beyond password-based systems, which can be easily hacked. Cybercriminals routinely compromise password logins, sometimes by simply guessing the credentials or by tricking victims into giving them up through an email phishing scheme.
FIDO 2 tries to fix this by replacing the passwords with biometrics such as a fingerprint or face. However, none of the sensitive data is uploaded to the internet. Biometric signatures are instead stored in a secure enclave onboard the device, which then creates a digital private key to unlock whatever account you want to access.
The FIDO 2 standard also supports hardware-based security keys, which can be slotted into a PC’s USB port to unlock access to your accounts.
It’ll be up to app developers to leverage the new login standard. But Google and its partners, including Microsoft and Intel, are hoping FIDO 2 opens the door to fewer passwords overall. Last April, Google previewed what this might look like by demoing the approval of orders on PayPal by simply scanning your fingerprint on an Android phone.
FIDO 2 will work on devices with Android 7.0 and up and the Google Play Store installed. Browsers including Google Chrome, Microsoft Edge and Firefox support the FIDO 2 standard as well.
“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively,” Brett McDowell, executive director of the FIDO Alliance, said in a statement. “Together with the leading web browsers that are already FIDO 2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords.”