The FIDO Alliance and Google announced today that Android (version 7.0 and higher) with the latest version of Google Play Services is now FIDO2 certified. At first glance this sounds pretty boring, but developers can use it to write apps that use the phone's fingerprint scanner or a FIDO security key to authenticate users without requiring them to enter a password. Given how few people like to enter complicated passwords, which their IT department changes every few months, that is a big deal.
Developers can enable passwordless sign-in for their web and native apps. Chrome, Microsoft Edge and Firefox already fully support this feature, as does Apple's Safari (but only in preview). In addition to convenience, FIDO2 also promises phishing-resistant security, because the technology does not allow authentication on a malicious website.
"So any application can go beyond password authentication while protecting against phishing attacks," said Google Product Manager Christiaan Brand. "Today's FIDO2 Certification Announcement for Android is helping to drive this initiative, providing our partners and developers with a standardized way to access secured keystores, both on the market and for future models, with convenient biometric controls to create users."
It's worth noting that Android already supports passwordless authentication for native apps. Now it is also supported for browser logins. Once you set up this new authentication mechanism (and web apps support it), your phone stores all the cryptographic data on the device, and, for example, no raw fingerprint data is transmitted to other people. The FIDO Alliance says this new mechanism will soon enable one billion users on modern Android devices to sign up without a password. Developers do need to implement support in their web and native applications, but this is relatively easy.