sb-eu logo
Story image

Android OS now FIDO2 certified, accelerating global migration

27 Feb 2019

Authentication organisation FIDO Alliance has announced that Android is now FIDO2 Certified, bringing simpler, stronger authentication capabilities to over a billion devices using the platform every day.

With this news, any compatible device running Android 7.0+ is now FIDO2 Certified out of the box or after an automated Google Play Services update.

This gives users the ability to leverage their device’s built-in fingerprint sensor and/or FIDO security keys for secure passwordless access to websites and native applications that support the FIDO2 protocols.

Web and app developers can now add FIDO strong authentication to their Android apps and websites through a simple API call, to bring passwordless, phishing-resistant security to a rapidly expanding base of end users who already have leading Android devices and/or will upgrade to new devices in the future.

“Google has worked with the FIDO Alliance and W3C to standardise FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks.

“The announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardised way to access secure keystores across devices, both in the market already as well as forthcoming models, in order to build convenient biometric controls for users,” says Google product manager Christiaan Brand.

Already supported in the market by leading web browsers Google Chrome, Microsoft Edge, and Mozilla Firefox (with preview support by Apple Safari), FIDO2 is comprised of the World Wide Web Consortium’s (W3C) Web Authentication specification and the corresponding Client to Authenticator Protocol (CTAP) from FIDO Alliance.

Collectively, these standards enable users to more easily and securely log in to online services with FIDO2-compliant devices such as fingerprint readers, cameras and/or FIDO security keys.

“FIDO2 was designed from day one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day,” says FIDO Alliance executive director Brett McDowell.

“With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication.”

FIDO2’s simple user experiences are backed by cryptographic security that is transparent to the user and protects against phishing, man-in-the-middle and attacks using stolen credentials.

FIDO2 support has been growing since the specifications were introduced last spring.

In addition to browser and platform support, several FIDO2 Certified products have been announced to support implementation.

FIDO Certification

The FIDO Alliance certifies authentication devices like biometrics and/or security keys, clients and servers to verify that they comply with FIDO specifications including FIDO2 and meet certain security profiles.

This ensures that web users can use their FIDO Certified device across all FIDO-enabled web services for a seamless experience.

For websites and organisations, they need only to FIDO-enable once and gain access to all FIDO Certified devices in the market.

OEMs can further differentiate their devices to meet added market requirements by taking part in security level testing -- which evaluates how strongly the user’s authentication credentials are protected.

FIDO Alliance

The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies and remedy the problems users face with creating and remembering multiple usernames and passwords.

The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords.

FIDO Authentication is stronger, private, and easier to use when authenticating to online services

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
COVID-19 related email threats pose huge risk in 2020
According to the company’s annual mid-year roundup report, Trend Micro blocked 8.8 million COVID-19 related threats, nearly 92% of which were email-based.More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Emotet malware is on a rampage after months of silence
CERT agencies around the world are reporting a surge in cyber attacks related to the Emotet malware, which is being distributed by email.More