Thursday, October 10, 2024
HomeAndroidBye! Bye! for Password! Now Access Google Accounts in Your Android Phone...

Bye! Bye! for Password! Now Access Google Accounts in Your Android Phone Using Fingerprints via Chrome

Published on

Google releases a new announcement for Android users to authenticate the web-based google services in chrome for Android using a fingerprint instead of traditional password-based authentication and the feature called FIDO2-based local user verification for Google Accounts.

A password-based authentication protects billion of Android users but now its surpassed by the fingerprint-based authentication which is now available for on Pixel devices and the feature rolling out for Android 7+ devices and reach to users within next few days.

This new feature will increase the security from password-based attacks such as phishing on the web and reduce the burden from keep on remembering the passwords.

- Advertisement - EHA

In order to provide high-level secure authentication for Google users, the new fingerprint-based authentication implemented using the FIDO2 standards, W3C WebAuthn, and FIDO CTAP.

This is the first time fingerprint-based authentication available on the web and it required to register the users at only once and then use the same Fingerprint authentication for both web service and native apps that installed in users Android phone.

Fingerprint
Fingerprint authentication experience when viewing your saved password for a website on passwords.google.com

Here the FIDO2 is playing a major role and the fundamental part of the FIDO2 design let never share your fingerprint to Google servers instead of that it only shares the correctly scanned cryptographic proof.

Fingerprints Authentication Working Mechanism

When the users accessing Google services such as Passwords.google.com, First it issues the WebAuthn, a core component of the FIDO2 Project that helps to authenticate the users to web-based applications.

FIDO2 Project is a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C) whose goal is to create a strong authentication solution for the web.

According to Google. ” Now, when the user visits a compatible service, such as passwords.google.com, we issue a WebAuthn “Get” call, passing in the credentialId that we got when creating the credential. The result is a valid FIDO2 signature. “

Fingerprint
the architecture of using fingerprint or screen lock on Android devices (Source: Google)

Now you can experience this new feature in passwords.google.com, a Google web service to access your saved password for update and edit, follow these steps.

  • Open the Chrome app on your Android device
  • Navigate to https://passwords.google.com
  • Choose a site to view or manage a saved password
  • If you tap on any one of these saved passwords, then Google will prompt you to “Verify that it’s you,”
  • At this pointYou can use the Fingerprint that you have already set up for unlocking your android

Google also advised to protecting your accounts with two-step verification (2SV), including Titan Security Keys and Android phone’s built-in security key to protect from attackers who continuously attempt to break your password.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Chrome Security Update, Patched for High-Severity Vulnerabilities

Google has rolled out a new update for its Chrome browser, addressing several high-severity...

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant,...