With online password and users names for sale in abundance on the dark web, FIDO wants to move the internet towards a new form of authentication that doesn’t require password logins, instead using tools like biometrics and hardware dongles.
Christiaan Brand, Product Manager at Google, commented in a release: “Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks.”
“FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”
FAST Identity Online Alliance FIDO2 Certification
Brett McDowell Executive Director FIDO Alliance added: “FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day.”
“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”
The FIDO2 standard comprises the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. Together these initiatives create an ecosystem of compliant devices that can easily authenticate themselves to online services.
Through the construction of an API call developers can initiate password-free access that is resistant to phishing and credit stuffing attacks. Android already offered secure FIDO login options for mobile apps. FIDO2 support will make it possible to use its authentication steps for web services in a mobile browser too, if
This article is from the CBROnline archive: some formatting and images may not be present.
Join Our Newsletter
Want more on technology leadership?
Sign up for Tech Monitor's weekly newsletter, Changelog, for the latest insight and analysis delivered straight to your inbox.