IT security is an ever-evolving field – or a game of cats and mice if you like – with either new or improved standards to ensure we keep our data safe. One of the most recent developments has been the FIDO2 initiative, which promises secure access to websites and applications without the strictly necessary password. And one of the ads coming out of MWC this year is that Android is now FIDO2 certified.
FIDO2 delivers security to alternative devices such as fingerprint readers, cameras and FIDO keys to any site or app that supports protocol. Ideally, it may mean that you don't have to enter your password so often to log in to your favorite services, provided the developers support the FIDO2 API. The appeal of this comes from its alleged strength against phishing, man-in-the-middle and stolen credentials.
Android devices support either FIDO2 right out of the box or with an update of Google Play Services. It will be up to the individual manufacturers to take advantage of the certificate outside the box, from the sound of it.
BARCELONA, February 25, 2019 – Today, the FIDO Alliance announced that Android is now FIDO2 Certified, giving simpler and stronger authentication capabilities to over one billion units using this platform every day. With this news, a compatible device running Android 7.0+ is now FIDO2 certified out of the box or after an automated update of Google Play Services. This allows users to utilize their device's built-in fingerprint sensor and / or FIDO security password-free access keys to websites and native applications that support the FIDO2 protocols.
Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call to bring password-free, phishing-resistant security to a fast-growing base of end users who already have leading Android devices and / or want to upgrade to new devices in the future.
"Google has long been working with the FIDO Alliance and W3C to standardize FIDO2 protocols that allow any application to move beyond password authentication while ensuring protection against phishing attacks. Today's FIDO2 message certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both on the market and in future models, to build practical biometric controls for users, "Christiaan Brand, Product Manager, Google said.
FIDO2 is already supported on the market by leading web browsers Google Chrome, Microsoft Edge and Mozilla Firefox (with preview of Apple Safari), and consists of the World Wide Web Consortiums (W3C) Web Authentication Specification and the corresponding Client to Authenticator Protocol (CTAP ) from the FIDO Alliance. Overall, these standards allow users to easily and securely log into online services with FIDO2-compatible devices such as fingerprint readers, cameras, and / or FIDO security keys.
"FIDO2 was designed from day one to deploy platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day. With this news from Google, the number of users with FIDO authentication features Growing dramatically and decisively, along with the leading web browsers already compatible with FIDO2, it is now time for web developers to release their users from the risk and hassle of passwords and integrate FIDO approval today, "Brett McDowell, CEO, added. FIDO Alliance.
FIDO2's simple user experience is supported by strong cryptographic security that is transparent to the user and protects against phishing, man-in-the-middle and attack by stolen credentials. FIDO2 support has grown since the specifications were introduced last spring. In addition to browser and platform support, several FIDO2 certified products have been announced that support implementation.
Device manufacturers interested in exploiting the certificate out of the box and displaying the FIDO Certified logo on their Android devices should consult the FIDO Alliance's new trademark and service brand usage agreement.