FIDO2 certification allows password-less logins for Android users

Devices running Android 7 and above will be able to use more secure online account login methods rather than passwords

More than one billion Android users will now be able to use PINs, fingerprints, and similar secure login method thanks to FIDO2 certification

Google and Fido Alliance announced that devices running Android 7.0 Nougat and above are now certified by an open source authentication standards body FIDO. While the name might not tell much to regular users, the impact it can make to day-to-day phone usage is astonishing.

Users who run the latest update of Google Play Services can now forget complicated passwords used for multiple different accounts and instead employ more sophisticated authentication methods, such as a PIN, fingerprint or other biometrics. This means that more than a billion Android users will now be able to login to millions of websites and apps (that support the FIDO2 protocols) without having to remember passwords for each account.

This move will help both, web developers and users, as it will be able to protect both parties from phishing attacks and similar threats, as the FIDO Alliance said in the release from Mobile World Congress conference in Spain:^[1]

Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to a rapidly expanding base of end users who already have leading Android devices and/or will upgrade to new devices in the future.

Modern era requires modern login solutions, and FIDO provides just that

FIDO (Fast IDentity Online) is an industry organization that was launched back in 2013 with the help of parties from PayPal, Lenovo, and Nok Nok Labs. In 2016, the number of members totaled 260, including industry giants like Amazon, American Express, Google, Intel, Visa, Samsung, and others. The certification body supports various sophisticated authentication technologies, such as iris scanners, fingerprints, face or voice recognition, etc.

FIDO2 technology consists of two elements: World Wide Web Consortium’s (W3C) Web Authentication specification and FIDO Alliance Client to Authenticator Protocol (CTAP). Both of these certified standards can let users log in to devices that are compliant using securely and comfortably. In addition, the sophisticated FIDO2 is supported by most leading web browsers, such as Google Chrome, Microsoft Edge, Mozilla Firefox, as well as preview support of Apple's Safari on macOS, Windows, and Linux.

Brett McDowell, Executive Director of FIDO Alliance, said:^[1]

FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.

Data leaks are everywhere: update your Android phone to use the extra security features

According to the FIDO Alliance report, the new authentication methods will add an extra layer of security, protecting users from man-in-the-middle,^[2] phishing, and stolen credential attacks.

Indeed, security experts labeled 2018 the “year of the data breach tsunami,” with a total increase of 133% when it comes the number of year-over-year compromised records.^[3] Additionally, such methods like credential stuffing was prevalent among cybercriminal organizations like Magecart which was responsible for Ticketmaster^[4] and Shopper Approved^[5] data breaches.

The worst part is, that the customers and regular users suffer, losing money or end up with various their accounts hacked or stolen. Therefore, if you own an Android device that uses Nougat or above, make sure you launch the latest update for Google Play Services ASAP and make use of secure authentication methods provided by FIDO2. In case your device does not have a fingerprint sensor, you can always rely on a PIN or swipe pattern.