X

Google now offers no-password login -- if you have an Android phone

It's a small but important step to dumping a flawed part of online security. A standard called FIDO2 makes it possible.

stephenshankland.jpg
stephenshankland.jpg
Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
See full bio
Stephen Shankland
2 min read
Fingerprint security image

Who needs a password when you've always got this at your disposal?

 James Martin/CNET

Google has taken an important step into a future that doesn't require passwords, letting phone users log on to some websites using just their Android phones . That means you'll be able to sign into a site using a passcode or fingerprint, starting with Google's Pixel phones Monday and spreading to other relatively recent Android phones in coming days, Google said.

"This new capability marks another step on our journey to making authentication safer and easier for everyone to use," said two Google team members, Dongjing He and Christiaan Brand, in a blog post Monday. For now, the service works on Google's passwords.google.com website, but the company plans to expand it to other Google services.

In case you hadn't got the memo, passwords are awful -- the ones that are most secure happen to be the ones that are hardest to type and remember. That's even leaving aside the issue of the many breaches that have splattered passwords and other personal data all over the internet. Google's use of Android as an authentication device is an important step beyond password problems.

ms-pw-thumb
Watch this: Inside a password-free future

But it's only a small step for now. Google offers it only in "step-up" situations where you're confirming your authentication rather than first-time logins. So this demotes passwords without actually getting rid of them. Microsoft is a notch more aggressive in moving its online services like Outlook.com, Skype, OneDrive and Xbox Live to a post-password design.

Both the moves are made possible with an open authentication standard called FIDO2 that Google helped to develop through a consortium called the Fast Identity Online (FIDO) Alliance.

For higher-security situations, like logging onto a new device for the first time, Google offers support for hardware security keys, including its own Titan models and third-party models from companies like Yubico. That, too, is enabled by FIDO2.

All the different Android versions through the years

The simplicity of the Android brand name and mascot is at odds with the diverse, fragmented Android device market.
g1-use-3502
+14 more
See all photos

Mobile Guides

Phones

Foldable Phones

Headphones

Mobile Accessories

Smartwatches

Wireless Plans