Google's Android operating system is now certified to employ the FIDO2 open authentication standard, a development that could help owners of more than a billion Android devices phase out the use of passwords when logging in to online services.
As an alternative to potentially insecure passwords, FIDO2 offers the option of using fingerprints or FIDO security keys to log in to browsers, websites and apps that support FIDO2 protocols. As a result of the certification, devices running Android 7.0 or higher will be FIDO2-enabled either out of the box or after an automated Google Play Services update.
FIDO2 consists of both the World Wide Web Consortium's (W3C) Web Authentication specification and the FIDO Alliance's Client to Authenticator Protocol (CTAP).
“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks,” said Christiaan Brand, product manager at Google, in a press release. “Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
“FIDO2 was designed from day one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day,” said Brett McDowell, executive director of the FIDO Alliance, in the same press release. “With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”