From time to time, you’ll be asked to enter your Google Account password online even when already signed in. On Android, the company’s first-party web services can now “Verify that it’s you” with just a fingerprint.
When accessing sensitive information, Google often throws up the sign-in screen again to make sure it’s really you. For example, passwords.google.com shows a list of saved credentials, but to actually see the email address and password you need to enter your main Google Account login.
Google is making this process faster and more convenient on Android by replacing the password online with your fingerprint or existing phone screen lock method. That includes pins and passwords, but also face unlock in the future. This applies to “certain Google services” on the web, including the first-party Password Manager.
As we continue to embrace the FIDO2 standard, you will start seeing more places where local alternatives to passwords are accepted as an authentication mechanism for Google and Google Cloud services.
Behind the scenes, Google is leveraging FIDO2 and the WebAuthn standards. These protocols allow both native apps and websites to benefit from the fingerprint you already registered when you first got that phone.
An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials be used by both native apps and web services.
Google explains how your actual fingerprint stays on-device and is never sent to its servers, just the cryptographic proof that you’ve correctly scanned is relayed to authenticate.
This seamless sign-in is available on Pixel and Android 7.0+ devices that have a screen lock and personal Google Account. It’s rolling out over the next several days, and can be demoed on the Google Passwords site: