Android uses biometrics in a step away from passwords

Google’s mobile operating system, Android, has found a way to replace passwords with a stored fingerprint when accessing web services. This is a move away from the reliance on traditional passcodes and a step towards using alternative and quicker log in methods.

Many mobiles already require a fingerprint to log in to the physical device and download apps from both Android and Apple iOS. However, Google has teamed with Chrome and Android to take this tech one stage further and use fingerprint biometrics to access web services too.

Google software engineer Dongjing He and product manager Christiaan Brand wrote in a blog post, “New security technologies are surpassing passwords in terms of both strength and convenience,”

For the next few days, the trail will be available on the Pixel device and all Android 7+ devices.

How it all works

In discussing the making of the structure, He and Brand say:  “These enhancements are built using the FIDO2 standards, W3C WebAuthn and FIDO CTAP, and are designed to provide simpler and more secure authentication experiences. They are a result of years of collaboration between Google and many other organizations in the FIDO Alliance and the W3C.”

They continued: “An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials be used by both native apps and web services. This means that a user only has to register their fingerprint with a service once and then the fingerprint will work for both the native application and the web service.”

Safety and security

The announcement comes four years after Google publicized its plans to remove passwords from logins by the end of 2016. Although the brand was unsuccessful in its pledge on that occasion, the new statement shows a massive opportunity for progression in cyber security.

He and Brand make it clear that in terms of keeping data safe, the fingerprint will only be kept on the device and will not be sent to Google’s server. The print will only be used as “cryptographic proof that you’ve correctly scanned it is sent to Google’s servers”

Although a huge step forward in the world of biometric security, the statement from Android comes around the same time that, in other news, researchers have discovered a huge data breach in the global biometric security company, Suprema.