Google and the Fast IDentity Online (FIDO) Alliance have announced that devices running Android 7 or later are certified under the FIDO2 standard, meaning that users can forgo passwords and instead use their fingerprint or a PIN to log into browsers or apps on their devices. Following the news, a director at OneIdentity has offered the following commentary.
Security Expert, Director at OneIdentity:
“This move by Google underlines the evolution of authentication away from single-factor authentication using passwords (something the user knows) to multi-factor authentication using biometrics (something the user is) and mobile devices (something the user possesses). Users find password authentication increasingly difficult to manage for the many, many online accounts they need to access. Many users don’t practice good password hygiene and use the same password for multiple online accounts, which makes phishing attacks so dangerous. Once a hacker captures one password, he can exploit multiple accounts. With Google’s move to the FIDO2 standard, this threat is potentially eliminated for millions of Android users while enhancing user experience.”