Passwords are usually the main way to keep your online accounts safe, but unless you’re using a complex password that’s hard to remember, your account is probably not as secure as you’re hoping. Luckily, there’s a better way. The FIDO Alliance has been developing the FIDO2 standard for years now, and this week Android has been certified for the protocol. Here’s what that means for you.
An update to Google Play Services, announced today and rolling out now, adds FIDO2 certification to roughly half of all Android devices available today. The update lets you log in to supported apps and services with the fingerprint or PIN on your device rather than requiring a password.
FIDO2 is designed to keep the secret that authenticates your accounts stored locally on the device. As Google’s Christiaan Brand explains, this takes away the “shared secret”. Rather than both you and the service authenticating the account with a password you both know, FIDO2 lets Android users prove they are the legitimate user without the service ever knowing the “secret.” In this case, the all-too-common security breach at a service won’t expose a login secret, because the service never holds one.
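A simplified model of the idea above, as an added example that is not from the article, Google or the FIDO Alliance: the device keeps a private key and the service stores only the matching public key, so a copy of the service's database contains nothing that can sign a login. The names (`createAuthenticator`, `Service`, `demo`, user `alice`) are assumptions for illustration, and real FIDO2/WebAuthn messages carry more fields than this.

```javascript
// Added illustration: a simplified challenge-response model, not the WebAuthn wire format.
const nodeCrypto = require('node:crypto');

// Device side: the key pair is created on the device; only the public half is exported.
function createAuthenticator() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    // In a real device this step is gated by the fingerprint or PIN check.
    sign: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey),
  };
}

// Service side: stores public keys only and issues one-time random challenges.
class Service {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.users.get(user);
    this.pending.delete(user); // single use: a captured response cannot be replayed
    if (!challenge || !pem) return false;
    return nodeCrypto.verify('sha256', challenge, pem, signature);
  }
  dumpDatabase() { return new Map(this.users); } // everything a breach would reveal
}

function demo() {
  const device = createAuthenticator();
  const svc = new Service();
  svc.register('alice', device.publicKey); // constructed sample user

  const sig = device.sign(svc.newChallenge('alice'));
  const genuine = svc.verifyLogin('alice', sig);
  const replayed = svc.verifyLogin('alice', sig); // challenge already consumed

  // A party holding the leaked database has the public key but no private key,
  // so the best it can do is sign with some other key, which does not verify.
  const leakedPem = svc.dumpDatabase().get('alice');
  const other = createAuthenticator();
  const forged = svc.verifyLogin('alice', other.sign(svc.newChallenge('alice')));
  const leakedIsPublicOnly =
    leakedPem.includes('PUBLIC KEY') && !leakedPem.includes('PRIVATE');
  return { genuine, replayed, forged, leakedIsPublicOnly };
}
```

Compare this with a password system, where the service's stored value (even hashed) is derived from the same secret the user types and can be attacked offline after a breach.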
This sort of functionality is already live in some apps, such as banking applications, but the new certification opens it up to everyone. That means other app developers can build FIDO2 support into their Android apps, and browsers support the APIs as well.
Submitted by: Arnfried Walbrecht