Your Android passwords could one day go the way of the floppy disk.
Google’s and the Fast Identity Online Alliance said Monday that Android is now FIDO2-certified, meaning its devices can use fingerprints and security keys for logging in to accounts instead of passwords. The certification was unveiled at Mobile World Congress in Barcelona, Spain.
The change will only affect devices running Android 7 and up, which accounts for half of all Android users. Nothing is needed for the billion Android devices to get the added security. It’ll be available out of the box or with an automatic Google Play Services update, the FIDO Alliance said.
Using fingerprints or security keys as passwords was already available for a handful of apps on Android, primarily for banking and other financial services. The change opens security features to any Android developer, allowing for password-less logins on the operating system’s mobile browser and apps.
Passwords are the keys to your digital lives, allowing access to accounts managing your finances, your social life and more. The problem is, they aren’t very secure gatekeeper because hackers can easily steal your credentials and sell them in data dumps. They’re even more ineffective if you use the same password for multiple accounts, as highlighted by reports that TurboTax account information was accessed using passwords from other accounts.
Computers have also become so powerful that they can easily guess complicated passwords within a matter of hours by entering every possible combination.
That’s why security industry professionals want to move past passwords, using tools like biometrics and security keys instead. Unlike passwords, fingerprints and security keys are much harder to steal online, and with the FIDO2 standard, they’re protected against phishing attacks.
“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively,” Brett McDowell, executive director of the FIDO Alliance, said in a statement. “Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”
Google Chrome, Microsoft Edge and Mozilla Firefox already support the FIDO2 standard.
The security standard checks when you log in to make sure it’s the real page and not a fake site designed to fool you. Hackers frequently spoof pages as Google showcased several fake support pages that looked identical to the real ones.
In a 2016 survey from TeleSign, the security company found that 72 percent of companies plan to stop using passwords in the next 10 years, moving to biometrics and two-factor authentication.
It’s the same vision for Google, which created its own security key in July, and experts believe fingerprints are the most popular replacement for passwords.