Google Set to Kill Passwords for Android Apps

You'll be able to sign into Android apps without a password a year or so from now, because Google's mobile operating system has been officially certified by the FIDO Alliance.

"Any compatible device running Android 7.0+ is now FIDO2 Certified out of the box or after an automated Google Play Services update," the FIDO Alliance said today (Feb. 25) in a press release from Mobile World Congress in Barcelona, Spain. "This gives users the ability to leverage their device's built-in fingerprint sensor and/or FIDO security keys for secure passwordless access to websites and native applications that support the FIDO2 protocols."

In plain English, this means app makers can now begin to enable password-less logins for apps developed for Android 7 Nougat and later. You will be able to log in using a fingerprint reader or a physical security key once those apps are ready, whenever that is, and you may eventually be able to use iris scans or facial recognition as well. (We'd bet you'll still need to create a PIN or pattern lock, at least as a backup, to secure your Android phone's screen.)

FIDO stands for "Fast IDentity Online," and the FIDO Alliance was set up six years ago to standardize authentication processes among multiple platforms. The original FIDO specifications aimed to supplement passwords with two-factor-authentication formats such as USB and NFC security keys, biometric readers and other hardware-based protocols.

The FIDO2 specifications, announced early in 2018, aim to replace passwords entirely. The Google Chrome, Microsoft Edge and Mozilla Firefox desktop web browsers all support FIDO2. But not many websites do yet, which means you'll have to keep using passwords for a while.