If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.
Are you thinking… what the heck that actually means?
It means, instead of remembering complex passwords for your online accounts, you can now actually use your Android's built-in fingerprint sensor or FIDO security keys for secure password-less access to log into apps and websites that support the FIDO2 protocols, Google and the FIDO Alliance—a consortium that develops open source authentication standards—announced Monday.
FIDO2 (Fast Identity Online) protocol offers strong passwordless authentication based on standard public key cryptography using hardware FIDO authenticators like security keys, mobile phones, and other built-in devices.
FIDO2 certified devices work on Mac OS X, Windows, Linux, Chrome OS and supported by all major browsers including Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari (included as a preview).
Though Android already offered FIDO-based authentication for installed apps using external hardware authenticator like YubiKey or Titan Security Key, the new update now expands this functionality to online web services via mobile browsers.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to a rapidly expanding base of end users who already have leading Android devices and/or will upgrade to new devices in the future," FIDO Alliance announced.
If your FIDO2 certified Android device does not have a fingerprint sensor, you can use other authentication methods, like a PIN or swipe pattern that you use to unlock your phone, to log into apps and online accounts.
Last year, Google also launched a FIDO-based Titan Security Key that verifies the integrity of security keys at the hardware level to provide the highest level of protection against phishing attacks.