In its ongoing quest to rid the world of passwords, Google is introducing a new feature that allows Android owners to use their phone’s fingerprint sensor or PIN lock code, instead of a password, to log into one of the company’s web services. Notably, this marks the first time Google has allowed its customers to use their biometrics to authenticate their identity on the web rather than in an app.
Online biometric authentication is available starting today on Chrome for Android. To check out the feature, visit the company’s online password browser, accessible via passwords.google.com. Once there, Chrome will prompt you to authenticate your identity using your phone’s fingerprint sensor. Alternatively, per a recently published support page, it’s possible to use any other authentication method you prefer, whether that be pin, pattern or password.
At launch, the feature is available only on select Android smartphones. Using this framework, It’s also not possible to use one’s phone to authenticate a desktop login, at least not yet.
However, in a statement to The Verge, Google said it plans to roll out online biometric authentication to all smartphones with Android 7.0 and above “over the next few days.” Android Nougat is the cutoff here due to the fact that the feature is built on a FIDO2 framework. With 7.0 and above, all Android devices are FIDO2-certified. The same framework allows Android devices to double as a physical security key.
The power of this new feature is that it’s much safer than a password. Credentials are stored on device, and there’s no threat of people reusing the same password on multiple different web services.
Since late 2015, Google has talked about how it wants to make passwords a thing of the past. At I/O 2016, the company’s Advanced Technology and Projects (ATAP) Lab introduced Project Abacus, which it said would make passwords obsolete by the end of the year. Three years later, passwords, particularly bad ones like “password,” are still ubiquitous, but at least this is a step in the right direction.
Author: Igor Bonifacic
Source: GSMArena authentication, biometric, fingerprint, gear, google, internet, online security