Google has announced an update that lets devices running Android 7 (Nougat) and later access certain Google services via fingerprint and screen lock verification instead of passwords.
For the feature to work, the user’s personal Google account needs to be added to the device, and one of the screen lock options (pattern, PIN, password or fingerprint) needs to be set up.
The FIDO2 standards, W3C WebAuthn and FIDO CTAP, have been used to improve the authentication experience for users.
The feature has already been rolled out to Pixel devices and will be coming to other devices running Android 7, 8 and 9 over the next few days.
Google built this feature in collaboration with the FIDO Alliance and the W3C.
“An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials to be used by both native apps and web services,” says the announcement.
So, once a user’s fingerprint has been registered with a Google service, it will work for both the app and the website on Android devices.
According to the company, the fingerprint is stored securely on the device itself and isn’t sent to Google’s servers. A cryptographic proof that the scan was correct is sent to the company’s servers, which is part of the FIDO2 design.
“We remember the credential for that specific Android device. Now, when the user visits a compatible service, such as passwords.google.com, we issue a WebAuthn “Get” call, passing in the credentialId that we got when creating the credential. The result is a valid FIDO2 signature.”