If you’re like most people, creating and typing in different passwords for all the user accounts you’ve got is probably among the most tedious activities on-line, by far. What’s worse, passwords aren’t even all that secure, as the countless times they’ve been hacked and plastered all over the net proves beyond any reasonable doubt.
To circumvent the tedium and, more importantly, the security risks associated with passwords, Google is now offering no-password, fingerprint-based log-in option to some websites using nothing more fancy than an Android-capable device.
“This new capability marks another step on our journey to making authentication safer and easier for everyone to use,” said Dongjing He and Christiaan Brand in a blog post last Monday.
In addition to being invulnerable to “phishing” attacks, credentials used for the new authentication method can’t be intercepted or hacked off a company’s servers due to being stored locally on your device.
The service is now available for Google’s own Pixel devices and will shortly be rolled out for all smartphones running Android 7 or later. Authentication is done using either fingerprints or whichever method you’re currently using to unlock your phone.
For now, the functionality is only good for viewing and editing the passwords that Google stores for you at passwords.google.com, but should become available for many other Google and Google Cloud services in the near future.
The new feature was made possible with the open authentication standard called FIDO2 – all devices running Android 7 or later are FIDO2-certified – which Google developed in collaboration with a consortium called Fast Identity Online (FIDO) Alliance.