Why it matters: We’re constantly warned not to reuse the same passwords for our online accounts, but that means having to remember multiple logins. There are always password managers, but they aren’t perfect and can be fiddly on mobile. Thanks to Google and the FIDO Alliance, however, passwords could eventually become a thing of the past for Android users.
At Mobile World Congress, the two organizations announced that Android now has certified support for the FIDO2 standard. That means the majority of devices that run Android 7 or later will allow logins in mobile browsers such as Chrome without the use of passwords.
Android already has FIDO login options, which allow users to access certain apps, including those for banking, using their fingerprints, cameras, or hardware such as the YubiKey. FIDO2 expands this functionality to web services via mobile browsers.
Phones without fingerprint sensors will be able to use PINs or swipe patterns for authentication.
“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks,” said Christiaan Brand, Product Manager at Google. “Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
Because no login secrets are transferred to the apps and services that use it, the system protects against man-in-the-middle, phishing, and brute-force attacks. Not every app and service will offer this feature, though, as developers need to adopt FIDO’s API. But it will no doubt be welcomed by those who prefer biometric authentication over passwords.