Computer security is a constantly evolving field – or a game of cat and mouse, if you prefer – with new or improved standards to ensure the security of our data. One of the most recent developments is the FIDO2 initiative, which promises secure access to websites and applications without requiring passwords. And one of the announcements from the MWC this year is that Android is now FIDO2 certified.

With FIDO2, security is transferred to other devices, such as fingerprint readers, cameras, and FIDO keys from any site or application that supports the protocol. Ideally, this could mean that you do not need to enter your password as often to connect to your favorite services, assuming that the developers support the FIDO2 API. Its appeal comes from its alleged strength against phishing, "man-in-the-middle" attacks and stolen credential attacks.

Android devices will support FIDO2 directly or with an update to Google Play services. It will be up to each manufacturer to take full advantage of the turnkey certification.

BARCELONA, February 25, 2019 – FIDO Alliance announced today that Android is now FIDO2 certified, bringing simpler and more powerful authentication features to more than one billion devices using this platform. every day. With this news, any compatible device running Android 7.0+ is now FIDO2 certified ready to use or after an automated update of Google Play services. This allows users to use the FIDO fingerprint sensor and / or FIDO security keys embedded in their device for secure, password-free access to websites and native applications that support FIDO2 protocols.

Web developers and applications can now add strong FIDO authentication to their Android apps and sites via a simple API call, to bring password-free and phishing-free security to a growing number of users. endpoints already having leading Android devices and / or upgrading to new devices in the future.

"Google has a long history of working with the FIDO Alliance and the W3C to standardize FIDO2 protocols, which allow all applications to exceed password authentication while providing protection against phishing attacks. The announcement today of the FIDO2 certification for Android is helping to move this initiative forward by providing our partners and developers with a standardized way to access secure key stores on different devices, both in the marketplace and on the Internet. upcoming models, in order to set up practical biometric controls for users, "said Christiaan Brand, product manager, Google.

Already supported on the market by leading browsers such as Google Chrome, Microsoft Edge and Mozilla Firefox (with preview supported by Apple Safari), FIDO2 includes the World Wide Web Consortium (W3C) Web Authentication Specification and the Client Authenticator Protocol (CTAP)) from FIDO Alliance. Together, these standards allow users to more easily and securely connect to online services with FIDO2-enabled devices such as fingerprint readers, cameras, and / or FIDO security keys.

"FIDO2 was designed from the ground up to be implemented by platforms, with the ultimate goal of ubiquity across all web browsers, devices and services we use daily. With this news from Google, the number of users with FIDO authentication features has increased dramatically and decisively. With major web browsers already compatible with FIDO2, now is the time for website developers to free their users of risk and password issues and to integrate FIDO authentication today. Added Brett McDowell, executive director of FIDO Alliance.

FIDO2's simple user experiences rely on a strong, transparent cryptographic security for the user, which protects him from phishing, pending attacks and attacks using stolen credentials. Support for FIDO2 has increased since the introduction of the specifications last spring. In addition to browser and platform support, several FIDO2-certified products have been announced to support implementation.

Device manufacturers interested in taking advantage of immediate certification and displaying the FIDO Certified logo on their Android devices should refer to the new FIDO Alliance Trademark and Service Mark Agreement.