Save The Chesham

Android Gets Password Less Website and App Access

Recently, There is an update that, Android is now FIDO2 certified.

Mobile applications and websites can now use the Fido standard to provide simpler and safer bio metric logins for users in more than one billion devices that support Android 7.0+, according to the Fido Alliance (Fast ID Online), a consortium of technology industry partners, including Amazon , Facebook, Google, Microsoft and Intel, which work together to set standards for strong authentication.

Now, you’ll be thinking that what is FIDO? FIDO (Fast ID Online) is an open industry association launched in February 2013 whose mission is to promote authentication standards that help reduce the world’s over-reliance on passwords.

Simply, It means this FIDO association will soon help everyone to go passwordless. As we saw here FIDO2, then let just clear ourselves what’s the difference between FIDO and FIDO2.

What is the Difference between FIDO and FIDO2?

FIDO2 is basically the successor of FIDO. While FIDO protocol is designed to act as a second factor to strengthen the existing user’s password and username. A new key pair is generated for full separation between them to preserve privacy.

And FIDO2 is the new passwordless innovation or evolution of FIDO. The general objective of FIDO2 is to provide an extended set of features to cover other use cases, the main driver being login flows without a password.

Android is now under the innovation of FIDO2 project, which is a set of both WebAuthn & CTAP.

What is WebAuthn & CTAP?

WebAuthn: WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance. The goal of the project is to standardize an interface for authenticating users to web-based applications and services using public-key cryptography.

CTAP: CTAP is complementary to the Web Authentication Standard (WebAuthn) published by the World Wide Web Consortium (W3C). WebAuthn and CTAP are the main products of the FIDO2 project, a joint effort of the FIDO Alliance and the W3C.

Which Browsers supports FIDO?

Almost all the common browsers support FIDO, such as Google Chrome, Microsoft Edge and Mozilla Firefox, with preview support by Apple Safari.

Android is now FIDO2 certified means?

After these certification devices which have an Android version more than 7.0+ is now Fido2 certified out of the box, or they will get an update via Google Play Services.

This feature will help the user to unlock their many websites and applications credential (username or password) with ease just by using their inbuilt Fingerprint sensor or using their Fido security keys for one time.

The FIDO association said they now can add FIDO strong authentication to web apps and native applications using various API( application programming interface) call. To make it passwordless and make it phishing resistant security to Android users.

Christiaan Brand, product manager at Google, said: “the company has worked with Fido Alliance and W3C to standardize the Fido2 protocol”.

The Fido2 certification announcement for Android helps advance this initiative, giving our partners and developers a standard way to access key stores that are safe across devices, both on the market and future models, to build bio metric controls that are convenient for users.

This FIDO2 innovation going to save us from being hacked because of our FIDO2 protocol stores the authentication key on only the user’s device in offline conditions.

Conclusion:

After this huge success of Android, Many Device manufacturers are interested in taking advantage of out-of-the-box certifications and displaying Fido certified logos on their Android devices. Because of this certification, many people are going to believe and going to support Android forever. There will be no doubt as Security breach in Android device while sharing password without sharing any password. Let us know your views on this and comment below.