For the unfamiliar, The FIDO2 Project is a project that was created by the FIDO Alliance. The project has been in development for years. As FIDO Alliance states, “The FIDO2 Project is a set of interlocking initiatives. That together create a FIDO Authentication standard for the web and greatly expands the FIDO ecosystem. FIDO2 is comprised of the W3C’s Web Authentication specification (WebAuthn) and FIDO’s corresponding Client-to-Authenticator Protocol (CTAP), which collectively will enable users to leverage common devices to easily authenticate to online services — in both mobile and desktop environments.”
On Monday at Mobile World Congress (MWC), Both Google and the FIDO Alliance announced that Android has finally added certified support for the FIDO2 standard. Google will be releasing the FIDO2 update through Google Play Services. This will allow devices running Android 7 or later to receive the update without manufacturers needing to do anything.
The FIDO2 update will allow you to log in to supported apps and services with the fingerprint sensor built right into your phone. This, in turn, means that the requirement of a password is no longer necessary. Many browsers and banking applications already support the feature, like Chrome, Microsoft Edge, and Firefox. But with the certification, many more developers will be able to make use of the feature and enable password-less logins in their web apps or their native apps.
Some people might be wondering if the feature is secure enough. FIDO Alliance promises that FIDO2 will deliver ‘phishing-resistant security,’ as the technology will prevent you from authenticating on malicious sites. FIDO2 will keep the authentication of your accounts stored locally on the device. FIDO2 proves to the service that you are the authenticated user without letting the service know details regarding your fingerprint. As Google’s Christiaan Brand puts it, FIDO2 takes away the “shared secret.” You can read more about FIDO2 here.
Could FIDO2 become the future of authentication? Considering fingerprint scanners are becoming a standard on phones, and with the addition of rising security awareness and concerns. FIDO2 can truly kill the password once and for all.