Passwords are out, and biometrics are in, according to a Google Security Blog post on Monday. Android users will soon be able to authenticate themselves on certain Google services with FIDO2-based local user verification. This means users can verify their identities using their fingerprint or screen lock, rather than a password, the post said.
While passwords were once the standard verification practice, they are proving to be less convenient and less secure for users. The majority of people (72%) recycle passwords, and many use easy-to-guess passwords like “qwerty” or “123456,” making passwords an ineffective mode of protection against hackers, even rendering them obsolete.
One of the most popular suggestions as a replacement for passwords is biometric authentication, which uses either a fingerprint or face detection to unlock systems or accounts. Spearheading the movement is Microsoft, which recently announced the removal of password expiration on Windows 10. Microsoft also announced its Windows Hello biometric login system in Windows 10 version 1903, which is also FIDO2 certified.
Movements toward password elimination call upon other major tech companies to follow suit if they want to keep their users protected. Apple is currently testing biometric authentication as a new way of signing into iCloud, but it appears Google may beat it to the punch.
Google’s new way of authentication is now available for Pixel devices, and will be available to all Android 7+ devices in the next few days, the post said.
The benefit of FIDO2 standards is that the biometric capabilities are available on the web, which means the same credentials can be used across web services and native apps, the post noted. The user, therefore, only has to register the fingerprint with a single service once.
To try it out, the user must have a phone running Android 7 or later, their personal Google Account added to the Android device, and a valid screen lock to set up the device.
The post outlined the following steps to try the verification method:
- Open the Chrome app on your Android device
- Navigate to https://passwords.google.com
- Choose a site to view or manage a saved password
- Follow the instructions to confirm that it’s you trying to sign in
For added security, the post reminded users they can also protect their accounts with two-factor authentication methods, including Titan Security Keys and an Android phone’s built-in security key.