An earlier update to the Samsung Internet browser allowed users on some Galaxy devices to log in to certain services using biometric authentication. Today it appears that Google will let Android users do something similar to Chrome. It is now possible to log in to certain Google services using just your fingerprint, rather than having to type in a password. The feature is available starting today for some Android phones, and it will be rolling out to all phones running Android 7 or later over the next few days. Additionally, the feature even lets you use the same unlock method as your phones (not just biometrics) such as PIN, pattern and password.
If you have a compatible Android device (essentially any device running Android Nougat 7.0 and above), head over to passwords.google.com using the Chrome app on your phone. Once there, tap on any one of these saved passwords following which Google will prompt you to “Verify that it’s you,” after which you have to authenticate using the unlock method of your choice. Android users could already use their fingerprint to authenticate some purchase on services such as Google Pay and the Play Store. Starting today, one can also use the functionality to view and edit the passwords that Google has saved for you at the saved passwords page. Google says it plans to add the functionality to more services in the future.
The new functionality is built using FIDO2 and the WebAuthn protocol. It an open standard that sites can use to secure web-based logins as FIDO2 is much more secure than regular passwords. All Android devices running version 7.0 or later are FIDO2-certified. One of the main advantages of using device-based authentication instead of traditional passwords is that it eliminates the possibility of data loss to a phishing attempt. However, we'd still recommend that you use a strong password manager along with 2FA for non-Google websites as they are yet to support the feature. You should expect to see the functionality go live on Chrome for Android in the coming weeks.