MWC: Google, FIDO kill passwords on a billion Android devices
Users of Android devices running version 7.0 can now login to apps and Web sites without needing to type in a password.
According to Google and FIDO, who made the announcement at Mobile World Congress (MWC), in Barcelona, this week, Android now has certified support for FIDO2, an open standard developed by the FIDO Alliance.
FIDO2 is backed by strong cryptographic security that protects against phishing and man-in-the-middle attacks using stolen credentials.
The Android update uses a PIN or fingerprint instead of a password, bringing simpler and stronger authentication capabilities to over a billion devices that use this platform.
"Any compatible device running Android 7.0+ is now FIDO2 certified out of the box or after an automated Google Play Services update," says the alliance. Web and app developers can add FIDO strong authentication to their Android apps and Web sites through an API call, which will boost security, as having no password means it is more resistant to phishing.
FIDO2 is backed by strong cryptographic security that protects against man-in-the-middle attacks using stolen credentials.
Christiaan Brand, product manager at Google, says his organisation has worked with the FIDO Alliance and the World Wide Web Consortium (W3C) for some time, to standardise FIDO2 protocols and to move past password authentication.
He says FIDO2 certification for Android gives Google partners and developers a standardised way to access secure key stores across devices through biometric controls, in current devices and upcoming models.
FIDO2 is currently supported by several Web browsers, including Google Chrome, Microsoft Edge and Mozilla Firefox. It is made up of W3C's Web Authentication specification, and the corresponding Client to Authenticator Protocol (CTAP) from the FIDO Alliance.
These standards allow users to login to online services with FIDO2-compliant devices such as fingerprint readers, cameras and/or FIDO security keys.
Brett McDowell, executive director of the FIDO Alliance, says FIDO2 was designed to be implemented by platforms, with the ultimate aim of ubiquity across all Web browsers, devices and services.