Google has taken an important step into a future that doesn't require passwords, letting phone users log on to some websites using just their Android phones. That means you'll be able to sign into a site using a passcode or fingerprint, starting with Google's Pixel phones Monday and spreading to other relatively recent Android phones in coming days, Google said.
"This new capability marks another step on our journey to making authentication safer and easier for everyone to use," said two Google team members, Dongjing He and Christiaan Brand, in a blog post Monday. For now, the service works on Google's passwords.google.com website, but the company plans to expand it to other Google services.
In case you hadn't got the memo, passwords are awful -- the ones that are most secure happen to be the ones that are hardest to type and remember. That's even leaving aside the issue of the many breaches that have splattered passwords and other personal data all over the internet. Google's use of Android as an authentication device is an important step beyond password problems.
But it's only a small step for now. Google offers it only in "step-up" situations where you're confirming your authentication rather than first-time logins. So this demotes passwords without actually getting rid of them. Microsoft is a notch more aggressive in moving its online services like Outlook.com, Skype, OneDrive and Xbox Live to a post-password design.
For higher-security situations, like logging onto a new device for the first time, Google offers support for hardware security keys, including its own Titan models and third-party models from companies like Yubico. That, too, is enabled by FIDO2.