Android has added certified support for the FIDO2 standard, meaning Android 7 onwards devices will support secure password-less logins to websites.
The move means web developers can also design their sites to securely interact with Android’s FIDO2 management infrastructure, Google said this week.
(FIDO2 is supported by Chrome, Microsoft Edge and Firefox. )
The FAST Identity Online (FIDO) Alliance was launched in 2012 with the aim of tackling issues users had managing multiple passwords across the internet.
With online password and users names for sale in abundance on the dark web, FIDO wants to move the internet towards a new form of authentication that doesn’t require password logins, instead using tools like biometrics and hardware dongles.
Christiaan Brand, Product Manager at Google, commented in a release: “Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks.”
“FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
FAST Identity Online Alliance FIDO2 Certification
Brett McDowell Executive Director FIDO Alliance added: “FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day.”
“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”
The FIDO2 standard comprises the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. Together these initiatives create an ecosystem of compliant devices that can easily authenticate themselves to online services.
Through the construction of an API call developers can initiate password-free access that is resistant to phishing and credit stuffing attacks. Android already offered secure FIDO login options for mobile apps. FIDO2 support will make it possible to use its authentication steps for web services in a mobile browser too, if