A password replacement for 1.7 billion Android users is coming
Google’s quest to rid the world of passwords takes a major step forward
Valentina Spiridonova
Google has announced that it is to start replacing passwords as a method of verifying identity online for Android users. It will instead introduce a new feature that allows Android owners to use their biometrics or PIN lock code, rather than a password, to log into the company's web services. Online biometric authentication is already available on Chrome for Android as of 12 August.
"Google is happy to announce that you can verify your identity by using your fingerprint or screen lock instead of a password when visiting certain Google services," Dongjing He, a Google software engineer, and Christian Brand, a Google product manager, said in a Google Security Blog posting yesterday. The two explained the company's decision by underlining that "new security technologies are surpassing passwords in terms of both strength and convenience."
What does this mean? Google said it plans to roll out online biometric authentication to all smartphones with Android 7.0 and above "over the next few days". With the latest statistics showing that there are now 2.6 billion active Android devices, and 68% of them running Android 7.0 or later, that means 1.7 billion people could be in line for passwordless logins to Google, built on a FIDO2 framework.
The FIDO Alliance, which stands for Fast Identity Online, is an industry body on a mission to solve the problem of passwords through the use of open standards to drive technologies that can securely replace them. FIDO2 is a set of such standards that enable logins backed by strong cryptographic security.
The changes that Google is making come "as a result of years of collaboration between Google and many other organizations in the FIDO Alliance and the W3C," the announcement stated. W3C is the World Wide Web Consortium, and it recently approved a standard for a web authentication application programming interface (API) called WebAuthn, after three years of talking and testing.
The power of this new feature is that it's much safer than a password. Credentials are stored on the device, and there's no threat of people reusing the same password on multiple different web services. For now, though, it is limited to just the Google Password Manager service. There is no indication as to when you will be able to use your fingerprint, or PIN, to access Gmail, for example. But it's still a start.
To check out the feature, visit the company's online password browser, accessible via passwords.google.com. Once there, Chrome will prompt you to authenticate your identity using your phone's fingerprint sensor. Alternatively, per a recently published support page, it's possible to use any other authentication method you prefer, whether that be PIN, pattern or password.