It’s more important than ever to manage your passwords online, but also harder to keep up with. That’s a bad combination. So the FIDO Alliance—a consortium that develops open source authentication standards—has pushed to expand its secure login protocols to make seamless logins a reality. Now Android’s on board, which means a billion devices can say goodbye to passwords in more digital services than ever.
On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone’s fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android’s FIDO2 management infrastructure.
“Google got involved in FIDO quite some ways back, particularly because of phishing, which we think is one of the biggest issues of authentication on the web today,” says Christiaan Brand, a product manager at Google focused on identity and security. “The natural evolution was looking toward FIDO2. Customers are already used to using these sensors on the device for authenticating into applications every day, so how do we make that technology available to websites?”
Developers can implements FIDO2 authentication in a number of different variations depending on what makes sense for their product, but all the versions offer additional phishing protection by requiring user…
More from Around the Web