Saturday, June 22, 2024

Bye! Bye! for Password! Now Access Google Accounts in Your Android Phone Using Fingerprints via Chrome

Google releases a new announcement for Android users to authenticate the web-based google services in chrome for Android using a fingerprint instead of traditional password-based authentication and the feature called FIDO2-based local user verification for Google Accounts.

A password-based authentication protects billion of Android users but now its surpassed by the fingerprint-based authentication which is now available for on Pixel devices and the feature rolling out for Android 7+ devices and reach to users within next few days.

This new feature will increase the security from password-based attacks such as phishing on the web and reduce the burden from keep on remembering the passwords.

In order to provide high-level secure authentication for Google users, the new fingerprint-based authentication implemented using the FIDO2 standards, W3C WebAuthn, and FIDO CTAP.

This is the first time fingerprint-based authentication available on the web and it required to register the users at only once and then use the same Fingerprint authentication for both web service and native apps that installed in users Android phone.

Fingerprint
Fingerprint authentication experience when viewing your saved password for a website on passwords.google.com

Here the FIDO2 is playing a major role and the fundamental part of the FIDO2 design let never share your fingerprint to Google servers instead of that it only shares the correctly scanned cryptographic proof.

Fingerprints Authentication Working Mechanism

When the users accessing Google services such as Passwords.google.com, First it issues the WebAuthn, a core component of the FIDO2 Project that helps to authenticate the users to web-based applications.

FIDO2 Project is a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C) whose goal is to create a strong authentication solution for the web.

According to Google. ” Now, when the user visits a compatible service, such as passwords.google.com, we issue a WebAuthn “Get” call, passing in the credentialId that we got when creating the credential. The result is a valid FIDO2 signature. “

Fingerprint
the architecture of using fingerprint or screen lock on Android devices (Source: Google)

Now you can experience this new feature in passwords.google.com, a Google web service to access your saved password for update and edit, follow these steps.

  • Open the Chrome app on your Android device
  • Navigate to https://passwords.google.com
  • Choose a site to view or manage a saved password
  • If you tap on any one of these saved passwords, then Google will prompt you to “Verify that it’s you,”
  • At this pointYou can use the Fingerprint that you have already set up for unlocking your android

Google also advised to protecting your accounts with two-step verification (2SV), including Titan Security Keys and Android phone’s built-in security key to protect from attackers who continuously attempt to break your password.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Website

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles