Exciting news from Google: starting today, any phone running Android 7+ can function as a FIDO2 security key. Android users can now use their phones to log into their Google accounts on Windows, Chrome OS or macOS devices with phishing-resistant FIDO Authentication. Google’s Android platform was FIDO2 Certified in February.
This is a significant first in the world of FIDO. While the WebAuthn component of FIDO2 enables FIDO Authentication to be built directly into browsers and platforms, Google’s newest offering utilizes the complementary component of FIDO2 — the Client to Authenticator Protocol (CTAP). CTAP is what facilitates the use of external devices like FIDO security keys or mobile devices for logins on FIDO2-enabled browsers and operating systems. Google’s announcement is the first implementation of FIDO2 CTAP with a mobile device that we’re seeing in action.
This a great example of how both components of FIDO2 work together to provide more choice and flexibility to service providers rolling out FIDO Authentication. Now, users can add Android 7+ devices to the long list of options available to protect themselves from phishing and other credential-based attacks with FIDO Authentication. Currently, your Android phone can be a security key only for Google accounts; however, we look forward to seeing it become available for all FIDO2-enabled services sometime in the future.
Check out Google’s announcement here for more details on how to get started with this new capability today.
