Android offers password-free biometric online access with FIDO2 certification
The Android mobile operating system has received FIDO2 certification from the FIDO Alliance, enabling users to access websites and native applications without passwords by using their device’s onboard fingerprint sensor or FIDO security keys.
Any device running Android 7.0 or later is now FIDO2 certified out of the box or with an automated update by Google Play Services, allowing web and app developers to deliver strong phishing-resistant FIDO authentication to those users through a simple API call.
“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks,” says Google Product Manager Christiaan Brand. “Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
The FIDO2 authentication standard is made up of the World Wide Web Consortium’s (W3C’s) WebAuthN specification and the FIDO Alliance’s corresponding Client to Authenticator Protocol (CTAP). It is supported by Google Chrome, Microsoft Edge, and Mozilla Firefox, and in preview on Apple Safari, and products certified for FIDO2 became available last year.
“FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today,” adds FIDO Alliance Executive Director Brett McDowell.
A recent survey from Experian shows that using physical biometrics for online authentication improves consumer confidence in account security by 30 percent.