Latest Android devices now allow you to connect to apps without requiring a password

Here is a good reason to update your latest version of Google Play services: Android devices with version 7.0 or later can now connect to apps and websites without having to enter a password. By using FIDO2, an open standard developed by the FIDO Alliance, the update uses your fingerprint or PIN code to connect to various services.

Complex passwords can be a secure way to protect your account, but they are often lengthy, difficult to remember, and need to be updated periodically (unless you're using a password manager.) Two-factor authentication is also useful, but it can be boring. difficult to access if you are traveling abroad. With this update and certification, Google and the FIDO Alliance hope to bring users to even more secure methods, such as biometric data, which are hard to steal and reproduce. The standard also states that your data is authenticated locally. As a result, no private information is transferred to the applications and services to which you connect.

"The important part of this technology, often overlooked, is actually not allowing users to use biometrics for the connection, but rather moving the authentication of a" shared secret "model – in which you and the service you interact with must know. a "secret" password like your password – to an "asymmetric" model where you only need to prove that you know a secret, but the remote service does not really learn to know the secret itself "It's better in a lot of ways, because a server-side violation of your data does not actually reveal anything that compromises the keys you use to access the service," says Christiaan Brand, product identity and security at Google. . "

For devices without fingerprint sensor, Android will allow you to use other methods, such as a PIN or scan pattern that you use to unlock your phone, to authenticate yourself.

Some Android users may have already seen this live: most banking applications, for example, allow you to log in via a fingerprint rather than entering your password. This authentication standard is also supported by many web browsers, including Chrome, Edge, and Firefox. However, just because the support exists, you can not use this method to connect to all applications right away. Application developers still need to adopt the FIDO API to support this feature.

Today's update is good news for users who find the passwords bulky, but it will only be useful for about half of the Android devices in the world. According to Google's Android distribution dashboard, as of October 2018, approximately 50% of Android devices still ran on version 6.0 or earlier.