Google now offers no-password login -- if you have an Android phone
It's a small but important step to dumping a flawed part of online security. A standard called FIDO2 makes it possible.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Who needs a password when you've always got this at your disposal?
Google has taken an important step into a future that doesn't require passwords, letting phone users log on to some websites using just their Android phones . That means you'll be able to sign into a site using a passcode or fingerprint, starting with Google's Pixel phones Monday and spreading to other relatively recent Android phones in coming days, Google said.
"This new capability marks another step on our journey to making authentication safer and easier for everyone to use," said two Google team members, Dongjing He and Christiaan Brand, in a blog post Monday. For now, the service works on Google's passwords.google.com website, but the company plans to expand it to other Google services.
In case you hadn't got the memo, passwords are awful -- the ones that are most secure happen to be the ones that are hardest to type and remember. That's even leaving aside the issue of the many breaches that have splattered passwords and other personal data all over the internet. Google's use of Android as an authentication device is an important step beyond password problems.
But it's only a small step for now. Google offers it only in "step-up" situations where you're confirming your authentication rather than first-time logins. So this demotes passwords without actually getting rid of them. Microsoft is a notch more aggressive in moving its online services like Outlook.com, Skype, OneDrive and Xbox Live to a post-password design.
Both the moves are made possible with an open authentication standard called FIDO2 that Google helped to develop through a consortium called the Fast Identity Online (FIDO) Alliance.
For higher-security situations, like logging onto a new device for the first time, Google offers support for hardware security keys, including its own Titan models and third-party models from companies like Yubico. That, too, is enabled by FIDO2.
