Given the rising cybersecurity concerns, robust passwords are a great way to safeguard the data in your online accounts. But some people don’t hesitate to choose passwords like 123456, which defeats the whole point of it. Adding to the pain is the fact that now we have got so many passwords to remember.
So, tech companies are now trying to figure out new ways to secure users online. And this includes making humans the password themselves, i.e., using our biometric data for authentication.
Moving further on what we heard earlier this year, Google has now added password-less login options to some Google services for Pixel devices. In the coming days, the said features will be pushed to Android devices running Android 7.0 Nougat and above.
This new change will allow users to do local authentication using the fingerprint or screen lock on their Android device. However, for that, Google is using the new FIDO2, FIDO CTAP and W3C’s WebAuthn standards instead of Android’s native fingerprint APIs.
WebAuthn is making progress every day to become an industry standard as leading browsers including Firefox, Edge, and Google Chrome already offer support for it.
Using these standards allows the company to provide password-less sign-in options on smartphone apps and web services. Moreover, for added security, the biometric data of the user is always stored on the device itself.
How to enable password-less login on your Pixel?
For some unknown reason, I wasn’t able to activate the said feature on our Pixel 3. But you can try the new authentication method if you have a compatible device. Make sure that you have signed-in with your Google account on your phone and already set up a screen lock (PIN or Pattern) on your phone.
Next, go to passwords.google.com using Google Chrome, tap on a saved website credential and follow the instructions.
Google already has two-step verification (2SV) methods in place that are performed using Titan physical keys or your Android device as a security key.
2SV is also based on the FIDO2 standard but differs from the new password-less local user verification. While 2SV uses a phone to make sure that a user is the rightful owner of the account being accessed, the new options are implemented after 2SV and are used to re-authenticate a user who is already sign-in.