Sci-tech

Your phone can now verify you in Google Passwords

Your phone can now verify you in Google Passwords

Google's servers do receive proof that you correctly scanned your fingerprint via a message that is disguised using cryptography. As reported by The Verge, the search giant has begun to let Android version 7 (and up) users verify their identity on some Google services (via Chrome) using non-password authentication methods.

Google points out to those anxious about privacy, that fingerprints are never sent to Google's servers and are stored securely on the user's phone.

Google's new functionality is built using FIDO2 and the WebAuthn protocol, an open standard that sites can use to secure web-based logins.

Google's Android update is the start of bringing a no-password experience to over a billion Android users, or about half the total Android user base.

Not having to remember a password means this is a much more convenient way to log in, and it's also much more secure. Google said by using FIDO2, it can use the same authentication method both on the web and in the app. Using a password manager along with two-factor authentication helps mitigate a lot of these vulnerabilities, but the new method Google is using removes them entirely.

Fortnite champ 'Bugha' swatted while streaming
The caller told police he had killed his father, shooting him multiple times, and tied up his mother in the garage. Giersdorf was streaming " Fortnite " when his father informed him that "armed police" were at the front door.

However, local user verification is used for "reauthentication during step-up flows to verify the identity of the already signed-in user". However, no fingerprint information is ever sent to the company's servers. First, your device must be running Android Nougat or higher and contain your Google Account.

The feature can be demoed right now on the Google Passwords website.

Not everyone may like the idea of Google using biometrics for login purposes.

At the time of writing, it was unclear which Google services could be used with this new password-less login method, with the only example provided in the blog post now being for the company's online Password Manager.