Android users looking for improved security are in luck as the FIDO Alliance has announced that Google's mobile OS is now FIDO2 Certified.
Users with smartphones running Android 7.0 or higher can now take full advantage of their device's built-in fingerprint sensor for secure passwordless access to websites and native apps that support the FIDO2 protocols.
Developers will also be able to add FIDO strong authentication to their Android apps and websites through a simple API call.
- Google reveals its super-secure Security Key
- Apple now offers USB security key support for Safari
- Yubico launches Security Key NFC and previews Yubikey for Lightning
Google's Product Manager Christiaan Brand praised the announcement (opens in new tab), saying:
“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
FIDO2 is comprised of the World Wide Web Consortium's (W3C) Web Authentication specification and FIDO Alliance's corresponding Client to Authenticator Protocol (CTAP). Together, these standard allow users to more easily and securely login to online services with FIDO2-compliant devices such as fingerprint readers, cameras and FIDO security Keys.
Executive Director at the FIDO Alliance, Brett McDowell explained how greater availability of FIDO2 would encourage developers to make their sites passwordless, saying:
“FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”