If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.
Wondering what that actually means?
It means that instead of remembering complex passwords for your online accounts, you can now use your Android device's built-in fingerprint sensor or FIDO security keys for secure passwordless login to apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday.
The FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices.
The FIDO2 protocol is a combination of W3C's WebAuthn API, which allows developers to integrate FIDO authentication into web browsers, and FIDO's Client to Authenticator Protocol (CTAP), which allows users to log in without a password.
FIDO2 certified devices work on Mac OS X, Windows, Linux, and Chrome OS, and are supported by all major browsers, including Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari (included as a preview).
Though Android already offered FIDO-based authentication for installed apps using external hardware authenticators like YubiKey or Titan Security Key, the new update expands this functionality to online web services via mobile browsers.
“Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to a rapidly expanding base of end users who already have leading Android devices and/or will upgrade to new devices in the future,” FIDO Alliance announced.
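The phishing resistance mentioned above rests partly on WebAuthn's client data: the browser records the calling page's origin and the server's challenge in a JSON structure that the authenticator's signature covers, and the server rejects a response whose values do not match. The following is an added example of that server-side check, not code from Google or the FIDO Alliance; the function names, origin and challenge are constructed, and verifying the signature itself is a separate step not shown here.

```javascript
// Added example: relying-party checks on WebAuthn clientDataJSON.
// Signature verification over the authenticator data and the hash of
// clientDataJSON is a separate step and is out of scope here.

// WebAuthn encodes the challenge as unpadded base64url.
function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

function b64urlEncode(buf) {
  return Buffer.from(buf).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns { ok: true } or { ok: false, reason } for one login response.
function checkClientData(clientDataJSON, expected) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed clientDataJSON' };
  }
  if (data === null || typeof data !== 'object') {
    return { ok: false, reason: 'malformed clientDataJSON' };
  }
  // A registration response must not be accepted as a login.
  if (data.type !== expected.type) return { ok: false, reason: 'wrong ceremony type' };
  // The challenge is single-use; a stale or foreign one means replay.
  if (typeof data.challenge !== 'string' ||
      !b64urlDecode(data.challenge).equals(expected.challenge)) {
    return { ok: false, reason: 'challenge mismatch' };
  }
  // The browser, not the page, fills in the origin, so a look-alike
  // site relaying a valid challenge is still caught here.
  if (data.origin !== expected.origin) return { ok: false, reason: 'origin mismatch' };
  return { ok: true };
}

// Constructed sample values (not from the article).
const EXPECTED = {
  type: 'webauthn.get',
  challenge: Buffer.from('constructed-random-challenge-01'),
  origin: 'https://login.example.com',
};

// Client data as a browser would build it when called from `origin`.
function sampleClientData(origin, challenge) {
  const body = { type: 'webauthn.get', challenge: b64urlEncode(challenge), origin };
  return Buffer.from(JSON.stringify(body));
}
```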
If your FIDO2 certified Android device does not have a fingerprint sensor, you can use other authentication methods, like a PIN or swipe pattern that you use to unlock your phone, to log into apps and online accounts.
Last year, Google also launched a FIDO-based Titan Security Key that verifies the integrity of security keys at the hardware level to provide the highest level of protection against phishing attacks.