Google's latest move allows Android users to forget some passwords forever
Google announced todaythat starting with the Pixel handsets, you can verify your identity with some Google services on the web by using your fingerprints or a screen lock instead of a password. While the Pixels will get this new feature today, over the next few days it will be pushed out to Android devices running Android 7 Nougat and higher. Using the FIDO2 standard, designed to improve authentication on the web (as opposed to on an Android app) users will only have to register their fingerprint or screen lock on their phone once to use it for a native app or the compatible Google services sites on the internet.
Google points out to those worried about privacy, that fingerprints are never sent to Google's servers and are stored securely on the user's phone. Google's servers do receive proof that you correctly scanned your fingerprint via a message that is disguised using cryptography. And you can test out how well this new system works by running a little test on your Android device. First, your device must be running Android Nougat or higher and contain your Google Account. The device must have a valid screen lock like a fingerprint scanner, a PIN or a pattern lock. Then, you follow these directions:
- Open the Chrome browser on your device and go to https://passwords.google.com.
- Choose a site to view or a password to manage
- Follow the instructions to verify that it is you signing in.
So what is the advantage for Android users? Glad you asked. You won't have to worry about having to remember a password when signing onto certain Google services sites on the web. That means that the part of your brain that stored these passwords can be freed up for more important things like pop culture trivia.
"An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials be used by both native apps and web services. This means that a user only has to register their fingerprint with a service once and then the fingerprint will work for both the native application and the web service."-Google
There is nothing you need to do to set this up on your Android phone. So just sit back and clear your mind of some passwords that you won't need to remember any longer.
Things that are NOT allowed: