FIDO (Fast Identity Online) Alliance has finally sought to get Android into its latest project of setting up security standards and global migration beyond passwords.
The project, known as FIDO2 was launched last year with a goal to set up easier password-free logins for applications and websites and Google will now be applying it to users of more than a billion devices running on Android Nougat and up. This means that apps and websites on these devices will now have standards to provide a simpler and more secure biometric login for the users.
FIDO2 is a new security protocol that consists of interlinking activities (CTAP and WC3) that together create a FIDO authentication standard for the web and expands further the FIDO ecosystem. This then what allows the linking of a device’s hardware security, via fingerprint or other keys, with digital accounts to sign in easily.
This security protocol is already supported by some major web browsers including Google Chrome, Microsoft Edge and Mozilla Firefox with preview support by Apple Safari. With Android recently certified for FIDO2, users of Android devices will be able to use their device’s built-in fingerprint sensor or FIDO security keys or both for secure passwordless access to websites and native apps that support the FIDO protocols.
According to the FIDO Alliance, web and app developers will now be able to add strong FIDO authentication to their Android web apps and native apps through an API (Application Programming Interface) call to bring the new phishing-resistant security to their users.
Google then reported to have been working for some time now with FIDO Alliance to bring up their standards to the FIDO2 protocols. According to their product manager Christian Brand, this certification will help move the initiative forward, giving developers a way to secure their key stores across devices, both upcoming and the ones already in the market in order to build convenient biometric controls for users.
With the first of web browsers, the FIDO2 standards might surely save developers and users from the hassle and risk of passwords by integrating the FIDO authentication. Via a Google Services update, the login functionality will soon be rolling out globally to Android devices running Android Nougat 7.0 and beyond. Any devices manufacturers interested in taking advantage of the certification will then have to consult FIDO Alliance’s trademark and service mark usage agreement.