New connections without password arrive on Android – TechCrunch

The FIDO Alliance and Google announced today that Android (from version 7.0), featuring the latest version of Google Play services, is now FIDO2 certified. At first glance, this sounds rather boring, but it will allow developers to write applications that use the phone's fingerprint scanner or a FIDO security key to authenticate users without requiring them to enter a password. As I do not know too many people who like to type complicated passwords that their IT department makes change every few months, this is a big problem.

Developers will be able to enable password-free logins in their web and native applications. Chrome, Microsoft Edge and Firefox already fully support this feature, like Apple's Safari (but only in preview). In addition to its convenience, FIDO2 is also committed to offer phishing security, because this technology will not allow you to authenticate on a malicious site.

"Google has a long history of working with the FIDO Alliance and the W3C to standardize FIDO2 protocols, which allow all applications to exceed password authentication while offering protection against phishing attacks," said Christiaan Brand, Google Product Manager. "Today's announcement of FIDO2 certification for Android helps advance this initiative by providing our partners and developers with a standardized way to access secure key stores across multiple devices, both in the marketplace and on future models, to create biometric controls practices for users. "

It should be noted that Android already supported password-free authentication for native applications, but it now also supports it for browser connections. Once you have configured this new authentication mechanism (and web applications support it), your phone will store all cryptographic data on the device and no raw fingerprint data, for example, will be transferred. to anyone.

The FIDO Alliance says this new mechanism will soon allow one billion users of modern Android devices to benefit from connections without a password. However, developers will need to implement support for their web and native applications, but this is relatively easy.