“The FIDO certification standard uses phishing-resistant biometric or physical key sign-in methods, thereby reducing threats from malicious sources.”
Android, the world’s most popular operating system, has now been certified by the FIDO Alliance. The OS now bears FIDO2 certification, which brings password-less authentication and sign-in standards to apps and websites running on the Android operating system. Any compatible device, running on Android Nougat 7.0 and above, will be certified with the FIDO2 standard automatically or through an upcoming Google Play Services update.
With this update, devices will be able to use elements such as biometric data stored in devices, and/or physical FIDO certification keys, to securely sign in to services such as banking, emails and more. For service providers that run applications and websites, all that is required is a simple API call integration into the code base, to ensure FIDO2 certification compatibility with eligible Android powered devices.
Christiaan Brand, product manager at Google, said in a statement, “Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks. Today’s announcement of FIDO2 certification for Android (gives) our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.“
Alongside individual apps, the browsers that already support the FIDO2 certification standard include Google Chrome, Mozilla Firefox and Microsoft Edge, with the surprising exclusion of Opera. The primary aim of the FIDO certification standard is to bypass the password-based login procedures, which are leading to increasing amounts of vulnerability and probability of phishing attacks. Massive data breaches have been reported through traditional login methods, and the FIDO2 certification entirely bypasses the key exchange procedure of login.
It remains to be seen how quickly is the standard adopted by Android’s most notable service providers. Once adopted, it can significantly change the overall login experience for users, while making the OS safer than before.