Google Services Going Passwordless on Android


What Google did say in its blog posts was that "you will start seeing more places where local alternatives to passwords are accepted as an authentication mechanism for Google and Google Cloud services", which gives us some hope for a passwordless future.

For those anxious about privacy, Google points out that fingerprints are never sent to its servers and are stored securely on the user's phone. What's new here is being able to use that same fingerprint to log in to one of Google's web services within the Chrome browser.

These enhancements are built using the FIDO2 standards, W3C WebAuthn and FIDO CTAP, and are created to provide simpler and more secure authentication experiences.

Microsoft's Windows Hello biometric login system in Windows 10 version 1903 was similarly FIDO2 certified this year, allowing users to sign in to a host of Microsoft's online services with a fingerprint, face, or PIN.

So what is the advantage for Android users?

The combined standards could help stem some of the downsides of familiar login processes that require a password.

To be both fair and clear, Android smartphones already allow users to authenticate Google Pay purchases and log in to apps with their fingerprint.

Google announced today that, starting with the Pixel handsets, you can verify your identity with some Google services on the web by using your fingerprint or a screen lock instead of a password. Individuals are then asked to verify it's them by scanning their fingerprint. It's still secure, and there's an implied lineage of authentication history (associated devices are "Bootstrapped", as Google calls it); it's just a whole lot more convenient than typing your password. The problems with passwords are numerous, but things are slowly changing with biometrics, hardware security keys, and so on.

Google doesn't have fingerprint data on its servers - that stays locally on your phone. After that, a cryptographic proof is sent to Google's servers. First, your device must be running Android Nougat or higher and contain your Google Account. As mentioned earlier, Google is looking to extend that same functionality to some of its web services on Chrome.
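The "cryptographic proof" in a FIDO2/WebAuthn login is a signature over a server-issued challenge; the following is an added example (not Google's code and not from the original article) of the checks a relying party runs on it. The `accounts.example` names, the key pair and the `deviceSign` helper that simulates the phone are constructed for illustration.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();
const RP_ID = 'accounts.example';           // constructed relying-party ID
const ORIGIN = 'https://accounts.example';  // constructed expected origin

// Stand-in for the phone's key store: created at registration, and only
// publicKey is ever given to the server. No biometric data is involved here.
const device = generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Simulated authenticator (hypothetical helper): called only after the local
// fingerprint or screen-lock check has succeeded on the device.
function deviceSign(challenge, origin, signCount, userVerified = true) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const flags = 0x01 | (userVerified ? 0x04 : 0x00); // UP (present) | UV (verified)
  const authData = Buffer.concat(
    [sha256(new URL(origin).hostname), Buffer.from([flags]), Buffer.alloc(4)]);
  authData.writeUInt32BE(signCount, 33);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: sign('sha256', signed, device.privateKey) };
}

// Server side: knows the public key, the challenge it issued and the last counter.
function verifyAssertion(a, publicKey, expectedChallenge, lastCount) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x05) !== 0x05) return 'user not verified';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!verify('sha256', signed, publicKey, a.signature)) return 'bad signature';
  const count = a.authData.readUInt32BE(33);
  if ((count !== 0 || lastCount !== 0) && count <= lastCount) return 'counter did not advance';
  return 'ok';
}

// Constructed run: a fresh challenge verifies; reusing the response against a new challenge fails.
const challenge = randomBytes(32);
const assertion = deviceSign(challenge, ORIGIN, 6);
console.log(verifyAssertion(assertion, device.publicKey, challenge, 5));
console.log(verifyAssertion(assertion, device.publicKey, randomBytes(32), 5));
```

Because the signed data binds the challenge and the origin, a captured response cannot be replayed later or accepted for a different site, which is the property a typed password lacks.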