View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 28, 2019

Android Gets FIDO2 Support: Death to Passwords?

FIDO2 was designed from day-one to be implemented by platforms

By CBR Staff Writer

Android has added certified support for the FIDO2 standard, meaning Android 7 onwards devices will support secure password-less logins to websites.

The move means web developers can also design their sites to securely interact with Android’s FIDO2 management infrastructure, Google said this week.

(FIDO2 is supported by Chrome, Microsoft Edge and Firefox. )

The FAST Identity Online (FIDO) Alliance was launched in 2012 with the aim of tackling issues users had managing multiple passwords across the internet.

With online password and users names for sale in abundance on the dark web, FIDO wants to move the internet towards a new form of authentication that doesn’t require password logins, instead using tools like biometrics and hardware dongles.

Read this: Meet the CEO on a “Spiritual Mission” to Bring Security to the Masses

Christiaan Brand, Product Manager at Google, commented in a release: “Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks.”

“FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?
FIDO2 Certification

Image Source: FIDO Project

FAST Identity Online Alliance FIDO2 Certification

Brett McDowell Executive Director FIDO Alliance added: “FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day.”

“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”

See this: Yubico in Google Disclosure Row

The FIDO2 standard comprises the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance. Together these initiatives create an ecosystem of compliant devices that can easily authenticate themselves to online services.

Through the construction of an API call developers can initiate password-free access that is resistant to phishing and credit stuffing attacks. Android already offered secure FIDO login options for mobile apps. FIDO2 support will make it possible to use its authentication steps for web services in a mobile browser too, if

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.