With Google’s latest announcement, your passwords could one day go the way of the floppy disk.
Google and the Fast IDentity Online Alliance said Monday that Android is now FIDO2 certified, meaning that its devices can use fingerprints and security keys to log in to accounts instead of using passwords. They made the announcement at Mobile World Congress in Barcelona, Spain.
The change will only affect devices running Android 7 and up, which accounts for half of all Android users. The billion Android devices don’t need to do anything to get the added security. It’ll be available out of the box or with an automatic Google Play Services update, the FIDO Alliance said.
Using fingerprints or security keys as passwords was already available for a handful of apps on Android, primarily for banking or finances. This change opens it up it for any Android developer, allowing for password-less logins on the operating system’s mobile browser and apps.
Passwords are the keys to your digital lives, allowing access to accounts managing your finances, your social life and more. The problem is, they’re not very secure gatekeepers, as hackers can easily steal your credentials and sell them in data dumps. They’re even more ineffective if you use the same password for multiple accounts.
Computers have also become so powerful that they can easily guess complicated passwords within a matter of hours by entering every possible combination.
It’s why security industry professionals want to move past passwords, using tools like biometrics and security keys instead. Unlike passwords, security keys and your fingerprints are much harder to steal online, and with the FIDO2 standard, they’re protected against phishing attacks.
“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively,” Brett McDowell, executive director of the FIDO Alliance, said in a statement. “Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”
Google Chrome, Microsoft Edge and Mozilla Firefox already support the FIDO2 standard.
The security standard checks when you log in to make sure it’s the real page and not a fake site designed to fool you. Hackers frequently do this, as Google showcased several fake support pages that looked identical to the real ones.
In a 2016 survey from TeleSign, the security company found that 72 percent of companies plan to stop using passwords in the next 10 years, moving to biometrics and two-factor authentication.
It’s the same vision for Google, which created its own security key in July, and experts believe fingerprints are the most popular replacement for passwords.
5G and foldable phones go big at MWC 2019: With international intrigue and a 5G coming-out party, this show doesn’t need the boost of a Samsung event.
Mobile World Congress 2019: Complete coverage of the world’s biggest phone show.