Google has announced that from today it is possible use the fingerprint or other form of smartphone authentication instead of the password to access their own services through the web.
The function is now available for users of Pixel devices and will be extended to all devices running Android 7 Nougat or higherr in the next few days.
The function is based on the FIDO2 W3C WebAuthn and FIDO CTAP (Client to Authenticator Protocol) standards that allow the use of biometrics in web pages.
An important advantage of using FIDO2 over the interaction with native fingerprint APIs on Android is that these biometric capabilities are, for the first time, available on the web, which allows using the same credentials for both native applications and services Web.
The service requires the user to register their fingerprint once and, thereafter, the login to the service is done directly through the fingerprint / pattern unlock, both for the native application and for the web service.
The company adds that User fingerprint or other information is never sent to the server. The information is stored securely on the device itself and only a "cryptographic" proof of the authenticity of your identity is sent to the web service, something the company calls «Fundamental part of the design of FIDO2». The service also works for those who have activated two-step verification.
Google says the ability to sign in with alternative authentication methods will be extended to more Google and Google Cloud services soon. The company plans to incorporate this function into more Google services and other third-party services that can be linked to your Google account through the Web, both on mobile devices and desktops.