Google Rolls Out Password-Free Logins for Android Users

Google Rolls Out Password-Free Logins for Android Users

Throughout all of modern computing history, passwords have been the primary method of securing data. The problems with passwords are numerous, but things are slowly changing with biometrics, hardware security keys, and so on. Google is leveraging several new technologies to make one of its sites password-free, but only for Android users.

Google says it has automated protections that prevent unauthorized individuals from accessing user account, but no system built on passwords is perfect. You’ll never convince everyone to use strong passwords, and some of those who do will have to write them on post-it notes. For the first time, you won’t need to use a password to access your Google account data. However, that’s only true for one service and select Android phones right now.

Starting today, you can go to Google’s password manager site on your smartphone and log in with a tap. The password manager site gives you access to all the account credentials saved in Chrome and Android autofill. So, it’s a wealth of high-value data that could potentially allow an attacker to compromise many of a victim’s accounts. Instead of using a password to log in, you can use the secure unlock method on your phone — for example, your fingerprint. Tap the sensor to verify your identity, and you’re in.

The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.
The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.

Google doesn’t have fingerprint data on its servers — that stays locally on your phone. That’s also a fundamental part of the FIDO2 design spearheaded by Google and others. Google registers a platform-bound FIDO credential on your phone that serves to verify your identity not unlike a hardware security key. When you visit the Google password manager, the site uses a WebAuthn “Get” call to retrieve the stored credential. That works as a FIDO2 signature to verify your identity.

Currently, this feature only works on the aforementioned Google password manager site. You’ll also need a Pixel phone. The feature will roll out to all Android phones running version 7 (Nougat) or higher. Since this feature is plugged into the Android secure unlock feature, it should automatically work with any future secure unlock methods. For example, the advanced face unlock capability coming to the Pixel 4. Current Android phones with face unlock won’t count as a secure unlock method for the purposes of Google’s new login feature.

Continue reading

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021
Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

The 888 comes with a new CPU design, integrated 5G, and a massive GPU boost. It's shaping up to be the most significant update to Qualcomm's flagship system-on-a-chip (SoC) in years.

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

It Turns Out Huawei’s HarmonyOS Is Still Just Android
It Turns Out Huawei’s HarmonyOS Is Still Just Android

Following the Commerce Department's actions against the Chinese megafirm, Huawei has been unable to use Google services on its new phones. The company's solution was to develop HarmonyOS, but now that we've gotten our first real look at it, one thing is clear: this is just Android with a skin.