One advantage of having a password manager on your smartphone or tablet is that it lets you log in to sites without having to remember and type passwords all the time. Even better, it lets you authenticate with a fingerprint, which makes the process smooth.
What if that were the case for pretty much everything you did on the web?
That may be a reality soon if what Google has started with a selection of its services and devices running Android is anything to go by.
Thanks to the World Wide Web Consortium's (W3C) recent approval of an official web-standard authentication interface, which is supported by Google and other companies such as PayPal, Microsoft and Amazon, Google will be letting Android users confirm their identity using just their fingerprint.
How it works is simple in principle (at least from the user's point of view, if not in the back-end technicalities). On websites that have implemented WebAuthn, as the interface is known, a user's mobile device is registered the first time they access the site and are prompted to key in their login credentials. After that, every login is processed using whatever means of authentication is set locally on the device (a lock screen PIN, a password, or a fingerprint).
This, in a nutshell, is what Google is bringing to some of its services on Android devices.
For now, this is limited to Google’s mobile Chrome browser for services like Google Passwords (passwords.google.com). We have no information on which other apps and services Google has enabled it on. The company says that it will be rolling out this capability across all the services it offers.
This new authentication feature is being rolled out to devices running Android 7.0, Nougat, and newer versions over the next few days. Pixel smartphones are receiving the feature immediately.
This latest move is part of Google’s efforts to secure users’ logins and thwart the increasing cases of phishing as people with malicious intent get better at social engineering and users’ weak passwords get exposed.
Back in May, Google announced that Android users could now use their devices as security keys.
“Security keys are now available built-in on phones running Android 7.0+ (Nougat) at no additional cost. That way, your users can use their phones as their primary 2FA method for work (G Suite, Cloud Identity, and GCP) and personal Google Accounts to sign in on Bluetooth-enabled Chrome OS, macOS X, or Windows 10 devices with a Chrome browser. This gives them the strongest 2FA method with the convenience of a phone that’s always in their pocket,” Christiaan Brand, the Google Cloud Project Manager and Arnar Birgisson, a software engineer at Google, wrote on the company’s blog.