Google is paving the way for a world of no passwords on Android 7.0+ devices

by Adrian Diaconescu / Feb 25, 2019, 7:21 AM

Google is paving the way for a world of no passwords on Android 7.0+ devices

Your fingerprint could soon replace all your online passwords

Even if you don't use one of the world's most popular passwords (popularity being a bad thing in this particular case), keeping your data secure across the web can be a major hassle. The best passwords are lengthy, unique to every single app or service requiring login credentials, and composed of as many different (and ideally, random) alphanumeric characters as possible.

It's also a good idea to change your passwords from time to time to stay protected from increasingly sophisticated hacking methods, but then how are you supposed to remember or store that much delicate information without compromising your entire security setup? Well, soon enough, you may not have to do any heavy lifting of that sort on your Android phone, as FIDO2 certification is added to the market-leading mobile OS for devices running version 7.0 and up.

This essentially means alternative authentication options can now be offered by web and app developers with minimal effort. Just picture a world where you can access your private data and log into all kinds of apps and websites using your fingerprint or device unlock pattern instead of a complicated, vulnerable password. That's the dream Google and the FIDO Alliance are trying to turn into a reality, although Android app developers will still need to adhere to FIDO2 protocols.

That can be done through a "simple API call", but we might have to wait a while until the technology is widely adopted. When the time finally comes to ditch your passwords, Google and the FIDO Alliance are promising "strong cryptographic security that is transparent to the user", protecting against "phishing, man-in-the-middle and attacks using stolen credentials."

While you can easily guess why a website authentication system based on fingerprint recognition, cameras, and/or various local security keys won't be 100 percent infallible, its advantages are likely to outweigh certain inherent flaws. Technically, all Android 7.0+ devices are now FIDO2 certified either out of the box or after an "automated" Google Play Services update.

In case you're wondering, this FIDO Alliance you may not have heard much about until just now is a 2012-created industry consortium aiming to "remedy the problems users face with creating and remembering multiple usernames and passwords." This Android-adopted solution to that age-old predicament has already been implemented in Google Chrome, Microsoft Edge, and Mozilla Firefox browsers, with Apple's Safari currently offering "preview support."

Options

5 Comments

1. androiduser

Posts: 512; Member since: Jun 18, 2014

Amazing

posted on Feb 25, 2019, 8:43 AM 3

3. blingblingthing

Posts: 978; Member since: Oct 23, 2012

Streamlined innovation. A step in the right direction.

posted on Feb 25, 2019, 9:08 AM 3

4. midan

Posts: 3019; Member since: Oct 09, 2017

"Just picture a world where you can access your private data and log into all kinds of apps and websites using your fingerprint or device unlock pattern instead of a complicated, vulnerable password." And picture it even further. Don't touch anywhere and let the device do the magic for you, that's face ID.

posted on Feb 25, 2019, 2:13 PM 1

5. koioz

Posts: 164; Member since: Nov 29, 2018

Chinese phones like iphone, oneplus, xiaomi and huawei has face id. Am I correct?

posted on Feb 25, 2019, 3:14 PM 1

6. Gruuuvy

Posts: 1; Member since: Feb 25, 2019

Unfortunately, if you own a phone with Esim and your credentials are kept on the device and the device is lost then you'll not only need a new phone but a new phone number..... But I welcome FIDO2 for my Google phone...