After Microsoft, it’s now Google’s turn to rid the world of passwords. The tech giant has begun rolling out a new feature that allows Android users to use their phone’s hardware features to log into Google’s web services.
The idea of not having to remember a password is enough on its own to make this new feature endearing, but that’s not all: it is also far more secure. Allow us to explain.
Passwords inherently come with all kinds of vulnerabilities, even if you ignore the fact that a lot of people reuse them across sites and services. With this method, however, credentials are stored locally on your device so they can’t be intercepted by a company’s servers. Additionally, as pointed out by The Verge, locally stored credentials are also impossible to “phish” by tricking you into visiting a fake website.
Whenever you log into a service which could involve the use of sensitive information, Google often throws up the sign-in screen again to make sure it’s really you. For example, passwords.google.com shows a list of saved credentials, but to actually see the email address and password you need to enter your main Google Account login credentials. Well, this is the bit that Google’s planning to simplify.
Google is leveraging the FIDO2 and WebAuthn standards, both of which allow native apps and websites to benefit from the fingerprint you already registered when you first got your phone.
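Why such credentials resist phishing, shown as an added example that is not from the article or from Google: the server-side checks a WebAuthn relying party runs on a sign-in assertion. The RP ID, origin and sample assertions are constructed for illustration, and the signature check over these bytes is omitted because it needs a crypto library outside the Python standard library.

```python
import base64
import hashlib
import hmac
import json

# Assumed relying-party values for this example (not taken from the article).
RP_ID = "accounts.example"
EXPECTED_ORIGIN = "https://accounts.example"
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (fingerprint, PIN or other screen lock)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the failed checks; an empty list means all passed."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if not hmac.compare_digest(str(client.get("challenge", "")).encode(), b64url(challenge).encode()):
        errors.append("challenge")
    # The browser, not the page, fills in the origin, so a look-alike
    # site cannot claim to be the real one.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    if len(auth_data) < 37:  # rpIdHash (32) + flags (1) + signCount (4)
        return errors + ["authenticatorData too short"]
    # The signed authenticator data carries SHA-256 of the RP ID the credential is scoped to.
    if not hmac.compare_digest(auth_data[:32], hashlib.sha256(RP_ID.encode()).digest()):
        errors.append("rpIdHash")
    flags = auth_data[32]
    if not flags & FLAG_UP:
        errors.append("user not present")
    if not flags & FLAG_UV:
        errors.append("user not verified")
    return errors

def make_sample(origin: str, rp_id: str, challenge: bytes, flags: int):
    """Build a constructed (not captured) assertion for the demo."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client, auth

if __name__ == "__main__":
    ch = b"\x01" * 32  # constructed challenge; a real server issues a fresh random one per sign-in
    print(check_assertion(*make_sample(EXPECTED_ORIGIN, RP_ID, ch, 0x05), ch))
    print(check_assertion(*make_sample("https://accounts.example.evil.test", "evil.test", ch, 0x05), ch))
```

An assertion produced on a look-alike origin fails both the origin and the rpIdHash check, which is the property the "impossible to phish" claim rests on.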
With this feature enabled, if you tap on any one of these saved passwords on passwords.google.com, then Google will prompt you to “Verify that it’s you,” at which point, you can authenticate using your fingerprint or any other method you’d usually use to unlock your phone.
This sign-in feature is currently available on all Pixel and Android 7.0+ devices that have a screen lock. The only prerequisite is that you’re signed in to your personal Google Account on the device.