Android has received the FIDO2 certification. The Google operating system thus becomes a much more secure environment to use passwords without having to remember them. It will only be necessary to use the favorite biometric system of our phone for. If you put your fingerprint, you can access your Facebook account when opening your app, for example.
This new technology is not far from magic, and will arrive as a Google Play software update to all Android devices from version 7.0, approximately a little more than 1 billion worldwide. It is not the end of the password as an access method in general, but it will be the end of many of the keys that we use in our day today.
How does FIDO work?
It is an alliance of technology companies, under the name of FIDO (“Fast Online Identity”, for its acronym in English) that have been working for more than half a decade to create authentication methods that prevent the user and the provider from using a system of passwords. Their proposals are based on cryptographic keys and have been used for a long time by professionals and advanced users. Now they reach the masses.
When a user registers on a web page or an application, the operating system or the base browser that he is using will propose to manage this new identity under a biometric identifier (his face, his fingerprint, etc.) that will be stored in an environment safe within the device itself. This key is a huge string of numbers and letters that will never leave the phone.
Passwords are replaced by biometric data that shows that we are ourselves
The web page or application stores on its servers a sister key, known as a “public key”, which goes together with the private key. The public key can only be “interpreted” through the private key, and it is tied to that platform and would never be repeated. Thus, if a hacker accesses the databases, he would not be able to see the users’ passwords.
When will it arrive?
Many browsers such as Firefox, Chrome, or Edge already use this system, but not all computers have compatible biometric systems. Some have fingerprint readers, but they are minor. Most mobiles nowadays have a fingerprint reader, so it is a great advance for this system.
The change will not be automatic, because the creators of each application must adapt their registration and user connection system to this type of platform. So each application will be different. Once done, the biometric identifications could be coordinated through cloud systems such as Google’s Smart Lock. This would ensure a smooth transition when the user purchases a new phone, or between multiple devices.