Given the tendency for people to use weak or reused passwords, the security industry, organized by the FIDO (Fast Identity Online) consortium, has been working hard to replace passwords. Two-factor authentication (2FA) helps with this, but the future is “passkeys,” which Android and Google are getting ready to support.
About APK Insight: In this “APK Insight” post, we decompiled the latest version of an app that Google uploaded to the Play Store. When we decompile these files (called APKs, in the case of Android apps), we are able to see various lines of code that hint at possible future features. Keep in mind that Google may or may not release these features, and our interpretation of them may not be complete. However, we will try to enable those that are close to finished, to show you how they will look if they ship. With that in mind, read on.
If adopted successfully, logging into a web service will no longer require a password. This includes passwords that are autofilled, a common behavior of the password managers built into today’s browsers and operating systems. In contrast, the FIDO method relies on a cryptographic key. The end user just needs to unlock their device (password, fingerprint, face unlock, etc.) before login takes place.
During registration with the online service, the user’s client device creates a new key pair. It keeps the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge.
FIDO Alliance
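The registration and challenge-signing flow quoted above, as an added Node.js sketch (not code from the article, Google, or the FIDO Alliance). It is a simplification, not the WebAuthn wire format: function names, the user name and the origins are hypothetical, and it goes slightly beyond the quote by binding the signature to the origin and making each challenge single-use, as WebAuthn does.

```javascript
// Added illustration of FIDO-style registration and login; all names are hypothetical.
const crypto = require('node:crypto');

// Client device: generates the key pair and never releases the private key.
function createDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // the only part sent to the service at registration
    sign: (challenge, origin) => // signs challenge + the origin the device sees
      crypto.sign('sha256', Buffer.concat([challenge, Buffer.from(origin)]), privateKey),
  };
}

// Online service: stores public keys only, so a database leak yields no login secret.
function createService(origin) {
  const registered = new Map(); // user -> public key
  const pending = new Map();    // user -> outstanding challenge
  return {
    register(user, publicKey) { registered.set(user, publicKey); },
    newChallenge(user) {
      pending.set(user, crypto.randomBytes(32));
      return pending.get(user);
    },
    verifyLogin(user, signature) {
      const challenge = pending.get(user);
      const publicKey = registered.get(user);
      pending.delete(user); // single use: a replayed signature finds no challenge
      if (!challenge || !publicKey) return false;
      const signed = Buffer.concat([challenge, Buffer.from(origin)]);
      return crypto.verify('sha256', signed, publicKey, signature);
    },
  };
}

// Constructed walk-through: one user, one device, one service.
function demo() {
  const origin = 'https://example.test';
  const service = createService(origin);
  const device = createDevice();
  service.register('alice', device.publicKey);
  const sig = device.sign(service.newChallenge('alice'), origin);
  const ok = service.verifyLogin('alice', sig);
  const replay = service.verifyLogin('alice', sig); // challenge already consumed
  const other = device.sign(service.newChallenge('alice'), 'https://lookalike.test');
  const wrongOrigin = service.verifyLogin('alice', other);
  const stranger = createDevice().sign(service.newChallenge('alice'), origin);
  const wrongKey = service.verifyLogin('alice', stranger);
  return { ok, replay, wrongOrigin, wrongKey };
}
```

Only the first login succeeds; the replayed signature, the signature made for a different origin, and the signature from an unregistered key are all rejected.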
Instead of passwords, you will have “passkeys” stored on the cloud sync service tied to your device and operating system. On Android, the passkey (the name Apple will also use) is saved to your Google account (probably using something similar to a password manager), as explained by a new string in the latest version of Google Play services (version 22.15.14).
You’ll still need to know your primary Google Account (or Apple ID) password, especially when switching to a new device, but this fully realized future means that’s all you really need to remember.
Just like a password manager handles passwords, the underlying operating system platform will “synchronize” encryption keys belonging to FIDO credentials between devices. This means that the security and availability of a user’s synced credentials depends on the security of the underlying OS platform’s (Google, Apple, Microsoft, etc.) authentication mechanisms for their online accounts, and loss on all (old) devices.
FIDO March 2022 White Paper
Work in Play services is still in progress, and third-party adoption is an important requirement for all of this to work. Today’s string suggests that Google will make a user-facing push to encourage adoption of passkeys, as seen in “Hello passkeys, goodbye passwords” and the cover image above.