Google’s Android operating system is now certified to employ the FIDO2 open authentication standard, a development that could help owners of more than a billion Android devices phase out the use of passwords when logging in to online services.

As an alternative to potentially insecure passwords, FIDO2 offers the option of using fingerprints or FIDO security keys to log in to browsers, websites and apps that support FIDO2 protocols. As a result of the certification, devices running Android 7.0 or higher will be FIDO2-enabled either out of the box or after an automated Google Play Services update.

FIDO2 comprises both the World Wide Web Consortium’s (W3C) Web Authentication specification and the FIDO Alliance’s Client to Authenticator Protocol (CTAP).

“Google has long worked with the FIDO Alliance and W3C to standardize FIDO2 protocols, which give any application the ability to move beyond password authentication while offering protection against phishing attacks,” said Christiaan Brand, product manager at Google, in a press release. “Today’s announcement of FIDO2 certification for Android helps move this initiative forward, giving our partners and developers a standardized way to access secure keystores across devices, both in market already as well as forthcoming models, in order to build convenient biometric controls for users.”

“FIDO2 was designed from day-one to be implemented by platforms, with the ultimate goal of ubiquity across all the web browsers, devices and services we use every day,” said Brett McDowell, executive director of the FIDO Alliance, in the same press release. “With this news from Google, the number of users with FIDO Authentication capabilities has grown dramatically and decisively. Together with the leading web browsers that are already FIDO2 compliant, now is the time for website developers to free their users from the risk and hassle of passwords and integrate FIDO Authentication today.”

Source: https://www.scmagazine.com/home/security-news/android-officially-adopts-fido2-authentication-standard-as-alternative-to-passwords/


As proof of its ongoing work towards becoming an industry leader in supporting open authentication standards, RCDevs is proud to announce support for FIDO2 in its award-winning OpenOTP MFA platform. With FIDO2, RCDevs continues its disruptive approach of providing strong authentication for free to any small business and best-in-class, affordable MFA to businesses of all sizes. With OpenOTP, companies can enjoy the unique advantage of enterprise-wide FIDO2 authentication, covering every corner of MFA, from corporate O365 and remote users to desktop login and privileged access.

If you would like to start with FIDO2 today, visit rcdevs.com and get your best-in-class, FIDO2-compliant MFA platform for free.


The FIDO Alliance has expanded its certification program to include multi-level security certifications for FIDO authenticators (such as physical security keys and biometrics).

With the authenticators, online service providers can choose the security level appropriate for their business, such as requiring higher FIDO certification for financial transactions than for general account information.


RCDevs has extended its solution portfolio with MFA-VPN, a small-to-medium-business VPN server appliance for OpenOTP. MFA-VPN is easy to set up and provides secure remote access for your Active Directory or LDAP users, with built-in multi-factor features like mobile Push Login (One-Tap login) and Universal Second Factor (FIDO-U2F).


The Fast IDentity Online Alliance has released new specs aimed at mobile and wireless applications, including Bluetooth and near-field communications (NFC), and devices that do not have a USB port.

FIDO, an industry consortium launched in 2013 to revolutionize online security with open standards for simpler, stronger authentication, introduced additions to the FIDO 1.0 specifications with new transport protocols for FIDO U2F.