Android is now FIDO2 certified, which means apps and websites that support the standard can allow users to log in using fingerprint or a physical security key. For this to work, the device must run on Android version 7.0 Nougat and above, and the app must be FIDO certified – an open standard developed by the FIDO Alliance. For those compatible devices that do not come with fingerprint authentication, a security pin or pattern can be used for signing-in purposes, instead of lengthy and complicated passwords.
FIDO Alliance has announced that Android is now FIDO2 certified, which means “any compatible device running Android 7.0+ is now FIDO2 Certified out-of-the-box or after an automated Google Play Services update. This gives users the ability to leverage their device’s built-in fingerprint sensor and/or FIDO security keys for secure passwordless access to websites and native applications that support the FIDO2 protocols.” Most apps and websites require a password to log in, however apps and website that support FIDO2 will let you ditch the password entering process, and just use your fingerprint to gain access to your account.
Even if you are running on the latest Android version, it isn’t necessary that you will see all apps and website providing you access through fingerprint. Only supporting apps and websites, like those who rely on WebAuth standard, will let you use the seamless login feature. Several bank apps already allow this and now we can expect more apps to roll out this feature.
The organisation notes that Web and app developers can now add FIDO authentication to their Android apps and websites through a simple API. It claims that FIDO2 is backed by strong cryptographic security that is transparent to the user and protects against phishing, man-in-the-middle and attacks using stolen credentials.
“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardised way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users,” said Christiaan Brand, Product Manager, Google.
There’s still a huge amount of devices that won’t be able to use this feature, as Google’s Android distribution dashboard suggests that almost 50 percent of Android phones still run on Android 6.0 Marshmallow and older, as of October 2018.