If you own an Android device, you can finally join the biometric revolution and log into apps and websites without the use of a password. You can now do so with the use of your fingerprint, and if that is not available to you, you can use a PIN or swipe pattern, thanks to FIDO2 capability. While this has been a feature that has been available to iOS for a few years, Android wasn’t able to follow suit because of the number of different manufacturers for the handset and other devices.
Greater Security for Android
We’ve been told for some time that complex passwords are needed to help maintain security on computers, smartphones, and other devices, as well as with software, apps, and websites. But there are difficulties that come along with this such as the more complex they are, the more difficult they are to remember, and they need to be updated more often than we are comfortable with as well.
Google is working with FIDO Alliance to allow greater security on Android devices. FIDO2 capability will allow biometric methods which are perceived as being safer since your fingerprint is unique to you and can be difficult to replicate. It’s also authenticated locally, so your data is never being transferred.
Christiaan Brand, an identity and security product manager at Google explains that “the important, often overlooked, part of this technology” is not that it just allows users to sign in biometrically, “but rather moving authentication from a ‘shared secret’ model – in which both you and the service you’re interacting with needs to know some ‘secret’ like your password – to an ‘asymmetric’ model where you only need to prove that you know a secret, but the remote service doesn’t actually get to know the secret itself.”
He adds, “This is good in many ways, as a breach of your data on the server side doesn’t actually reveal anything that can compromise the keys you use to access the service.”
So while it’s easier to sign in and also more difficult to replicate, it’s also less likely to be stolen, as it won’t be revealed in a data breach on a server.
Don’t worry if your Android doesn’t have a fingerprint sensor, as you’ll be open to other methods that you currently use to unlock your phone, such as a PIN or a swipe pattern, to authenticate in apps and websites.
Some may also use other authentication options to sign in to banking apps and the major browsers, such as Chrome, Edge, and Firefox, but now it will be available to all apps, as long as app developers adopt FIDO’s API.
The Importance of Updates
However, this new protocol isn’t going to help you unless you are current with your Android release. As of last October, nearly half of all Android users were still using version 6.0 and older. You can add this to the long list of reasons it’s a good idea to keep updated and always use the most recent version of software.
Is this news regarding Android employing FIDO2 to allow biometric app logins and other authentication good news to you? Is it something you’ve been waiting for? Add your thoughts on this to the comments below.