Google Enables Web-Based Biometric Authentication on Android Devices

Biometrics News - Google Enables Web-Based Biometric Authentication on Android Devices

Google has enabled biometric authentication for people trying to access Google services on Android phones. To use the feature, users must link their phone to their Google account, at which point they can use the fingerprint sensor on their device to prove their identity and log in.

For the moment, biometric authentication is only available for Google’s Password Manager, and only for Pixel phones. However, Google has indicated the feature will be coming to any phone running Android 7.0 (or something more recent) in the next few days, while the service will presumably make its way to services like Gmail at some point in the future.

Though limited, the feature is noteworthy because biometric authentication is usually conducted through an app. According to Google, this is the first time such an interaction has taken place entirely through the web. The company notes that the fingerprint is never stored on its own servers, and is instead stored locally on the user’s phone, which then tells Google that a positive identity check was made following a scan.

It also marks a step forward for password-free technology. The new feature meets the latest FIDO2, W3C WebAuthn, and FIDO CTAP standards, and builds on Google’s existing support for all three platforms. The tech giant turned all Android 7 phones into FIDO-certified devices back in April, and was one of several companies that backed the WebAuthn standard when it was launched in 2018.

Users who link their phone to their Google account will also able to use screen lock to access the Password Manager, which means they’ll be able to log in with the PIN or password that unlocks their home screen. Having said that, PINs and passwords are generally not as secure as biometric authentication.  

Sources: Ars Technica, Wired