Apr 13th 2020

Biometric FIDO2 Based Login for Google Accounts

Google recently announced on their Security Blog that you can log in to certain Google services, such as Chrome, on your Pixel and Android 7+ devices using your fingerprint or screen lock instead of your password. This is made possible by the FIDO2 standards, WebAuthn and FIDO CTAP, and by many years of collaboration with members of the FIDO Alliance.

"Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience. With this in mind, we are happy to announce that you can verify your identity by using your fingerprint or screen lock instead of a password when visiting certain Google services. The feature is available today on Pixel devices and coming to all Android 7+ devices over the next few days."

According to Google,

"An important benefit of using FIDO2 versus interacting with the native fingerprint APIs on Android is that these biometric capabilities are now, for the first time, available on the web, allowing the same credentials be used by both native apps and web services. This means that a user only has to register their fingerprint with a service once and then the fingerprint will work for both the native application and the web service.

Note that your fingerprint is never sent to Google’s servers - it is securely stored on your device, and only a cryptographic proof that you’ve correctly scanned it is sent to Google’s servers. This is a fundamental part of the FIDO2 design."
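
To make the "cryptographic proof" concrete, the following added example (not code from Google or from the original post) simulates a WebAuthn assertion in Node.js together with the server-side checks on it. The key pair, the example.com relying party, the function names and the minimal 37-byte authenticator data are assumptions made for illustration.

```javascript
// Added illustration: simulated authenticator plus relying-party check.
const nodeCrypto = require('node:crypto');
const sha256 = (b) => nodeCrypto.createHash('sha256').update(b).digest();
const UP = 0x01, UV = 0x04; // WebAuthn flag bits: user present, user verified

// Device side (simulated). The biometric match happens locally; its only
// trace in the message is the UV bit, which the signature covers.
function makeAssertion(privateKey, rp, userVerified) {
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(1);
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(rp.rpId)), Buffer.from([UP | (userVerified ? UV : 0)]), counter]);
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: rp.challenge.toString('base64url'), origin: rp.origin }));
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { authenticatorData, clientDataJSON, signature };
}

// Server side: holds only the public key stored at registration.
function verifyAssertion(publicKey, rp, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== rp.challenge.toString('base64url')) return 'bad challenge';
  if (client.origin !== rp.origin) return 'bad origin';
  if (a.authenticatorData.length < 37) return 'short authenticator data';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(Buffer.from(rp.rpId)))) return 'bad rpId';
  const flags = a.authenticatorData[32];
  if (!(flags & UP)) return 'user not present';
  if (!(flags & UV)) return 'user not verified';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const rp = { rpId: 'example.com', origin: 'https://example.com',
               challenge: nodeCrypto.randomBytes(32) }; // constructed sample values
  const good = makeAssertion(privateKey, rp, true);
  const noUv = makeAssertion(privateKey, rp, false);
  const forged = { ...noUv, authenticatorData: Buffer.from(noUv.authenticatorData) };
  forged.authenticatorData[32] |= UV; // UV bit flipped after signing
  const stale = { ...rp, challenge: nodeCrypto.randomBytes(32) }; // server expects a newer challenge
  return { good: verifyAssertion(publicKey, rp, good), noUv: verifyAssertion(publicKey, rp, noUv),
           forged: verifyAssertion(publicKey, rp, forged), replay: verifyAssertion(publicKey, stale, good) };
}
console.log(demo());
```

Nothing in the assertion is derived from the fingerprint itself: the server learns only that the device's private key signed a fresh challenge with the user-verified bit set.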