You will soon be able to log into Google websites and services using fingerprint-based verification rather than a password. The company is rolling out the feature via Google Play Services update to all Android 7 and above devices in the next few days.
Announcement
“We are happy to announce that you can verify your identity by using your fingerprint or screen lock instead of a password when visiting certain Google services.
“The feature is available on Pixel devices and coming to all Android 7+ devices over the next few days,” said Dongjing He, Software Engineer and Christiaan Brand, Product Manager at Google, in a blog post on Monday.
New security technologies are surpassing passwords in terms of both strength and convenience.
The new Google enhancements are built using the “FIDO2” standards, W3C WebAuthn and FIDO CTAP, and are designed to provide simpler and more secure authentication experiences.
“An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials be used by both native apps and web services,” they explained.
It means that a user only has to register their fingerprint with a service once and then the fingerprint will work for both the native application and the web service.
Never sent to Google’s servers
Securely stored in device
“Note that your fingerprint is never sent to Google’s servers – it is securely stored on your device, and only a cryptographic proof that you’ve correctly scanned it is sent to Google’s servers.
This is a fundamental part of the FIDO2 design,” said Google. Open the Chrome app on your Android device, navigate to https://passwords.google.com then choose a site to view or manage a saved password.
Follow the instructions to confirm that it’s you trying signing in. Google’s automated defenses securely block the overwhelming majority of sign-in attempts even if an attacker has your username or password.
Further, you can protect your accounts with two-step verification (2SV), including Titan Security Keys and Android phone’s built-in security key.
“As we continue to embrace the FIDO2 standard, you will start seeing more places where local alternatives to passwords are accepted as an authentication mechanism for Google and Google Cloud services,” said the company.
