You can now enable Touch-ID website logins on Google Android

Today, the FIDO Alliance and the World Wide Web Consortium (WC3) announcement that the Android operating system received FIDO2 certification. This will allow Android users to use their fingerprint – rather than a password – to sign in to websites and other services.

Developers will now be able to add passwordless authentication to their web apps and login pages, as well as their native Android apps after an automated update from Google Play services. Here’s how to set everything up on Android.

While many Android devices and apps have already included fingerprint-based logins, the implementation of FIDO2 is different and its adoption on Android means that we are likely moving closer to a future where passwords are stale.

How to set up web connections without password on Android

Once FIDO2 support is rolled out to your device, you will only be able to use Fingerprint ID to log into websites that allow it, although more will likely start implementing fingerprint logins. , because around a billion new devices will soon support the feature. To use passwordless logins on these websites, you will need the following:

  1. A device running at least Android 7.0 or higher.

  2. The most recent update for Google Play services. These updates are usually done automatically, but you can check by opening the app’s Google Play store page on your device to see if a new version is available.

  3. Next, you will need to set up your fingerprint profile on your Android device if you haven’t already.

  4. Once you’ve registered your fingerprint ID, you can now use your Android device’s fingerprint sensor to sign in to websites and web apps while browsing Chrome, Firefox, and Microsoft Edge ( provided that the website supports authentication without password in the first place).

Is it secure?

Like any security measure, fingerprint identification carries risks. Therefore, doubling down with another method (password, PIN, facial recognition, or puzzle bridge troll) is the best practice. However, the FIDO2 protocol is incredibly secure and adds an extra layer of protection by preventing users from using fingerprint-based web logins on insecure web domains and websites with shady (or phished) URLs. FIDO2 can also protect you in the event of a security breach. Unlike a password system, which requires both the user and the application / service to know the password, FIDO2 only requires the user to enter the correct authentication information.

Essentially, using your Android device’s fingerprint sensor will work the same as unlocking your lock screen or signing in to certain apps – your personal information and fingerprint profile data is stored locally. on the device and are never shared with any apps or websites you connect to. Instead, your device verifies that the fingerprint matches the Print ID or Connection Key it stored, then confirms with the app or website that everything is copacetic and logs you in. (or lock you out, in case the information doesn’t match).

And just in case you need more assurance that fingerprint authentication is secure, we’ve got some tips for making your fingerprint data as secure as possible.

Comments are closed.