Android officially adopts FIDO2 authentication standard as alternative to passwords

[silversurfer]

Google’s Android operating system is now certified to employ the FIDO2 open authentication standard, a development that could help owners of more than a billion Android devices phase out the use of passwords when logging in to online services.

As an alternative to potentially insecure passwords, FIDO2 instead offers the option of using fingerprints or FIDO security keys to log into browsers, websites and apps that support FIDO2 protocols. As a result of the certification, devices operating on Android 7.0 or higher will be FIDO2-enabled either out of the box or after an automated Google Play Services update.

FIDO2 is comprised of both the World Wide Web Consortium’s (W3C) web authentication specification and FIDO Alliance’s Client to Authenticator Protocol (CTAP).

“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks,” said Christiaan Brand, product manager at Google in a press release.

“Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”

SOURCE: https://www.scmagazine.com/home/security...passwords/