Google is looking to make the internet a safer and far more secure place for all users. The latest update from Google spells the end of the ‘password’ over the next decade.
Android last month received certification to run the FIDO2 authorisation standard. Instead of using passwords, Android users will soon be able to sign in with the face or fingerprint reader on their device. Furthermore, FIDO2 supports hardware-based security keys that can be plugged into a PC’s USB port to authorise and unlock accounts without a password.
“The important, often overlooked, part of this technology is actually not allow users to use biometrics to sign in, but rather moving authentication from a ‘shared secret’ model – in which both you and the service you’re interacting with needs to know some ‘secret’ like your password – to an ‘asymmetric’ model where you only need to prove that you know a secret, but the remote service doesn’t actually get to know the secret itself”, said Google identity and security product manager Christiaan Brand in a statement.
The main benefit of FIDO2 authorisation is that it absolves websites of liability and places the security of your account solely in your keeping. With more than a billion passwords having been hacked over the past decade, the introduction of this new authorisation standard could significantly decrease online fraud.
Since this article was published, the World Wide Web Consortium (W3C) has also approved a new authorisation standard named WebAuthn. At its core, WebAuthn is a plugin that allows websites to implement software that will communicate with a security device (similar to the FIDO2) to login to the website.
Will you feel safer using your fingerprint or face as your password manager in your smart device?