FIDO2 certification for Android to make passwords obsolete


FIDO Alliance has announced that Android is now FIDO2 Certified, meaning, any compatible device running Android 7.0+ is now FIDO2 Certified out of the box or after an automated Google Play Services update. This gives users the ability to leverage their device’s built-in fingerprint sensor and/or FIDO security keys for secure passwordless access to websites and native applications that support the FIDO2 protocols.

Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to end users who already have leading Android devices and/or will upgrade to new devices in the future. FIDO is already supported on web browsers including Google Chrome, Microsoft Edge, and Firefox.

FIDO2 is comprised of the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. Collectively, these standards enable users to more easily and securely log in to online services with FIDO2-compliant devices such as fingerprint readers, cameras and/or FIDO security keys. FIDO2’s simple user experiences are backed by strong cryptographic security that is transparent to the user and protects against phishing, man-in-the-middle, and attacks using stolen credentials.

Brett McDowell, Executive Director, FIDO Alliance said:

FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.

Christiaan Brand, Product Manager, Google said:

Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.

Source