Google accounts can now be re-verified in Chrome on Android in some instances using fingerprint verification, thanks to a new server-side update the company is rolling out starting today. The change will arrive on Pixel devices first. Other handsets running Android 7.0 Nougat or newer will see it over the next several days.
Put simply, with the updated services in place, users will no longer need to re-enter their Google account password when trying to access sensitive information on their mobile device.
The clearest example of that can currently be seen when users try to log into their Chrome password manager. In its current form, the authentication system effectively forces users to verify themselves when accessing an individual credential in the password manager. Those are typically hidden prior to verification. After clicking a password to view it, that means re-entering the Google account password.
After the change, they'll only need to verify themselves using their fingerprint.
How does fingerprint verification work here?
This new method for accessing information Google deems sensitive or signing into a page isn't entirely new. In fact, it's built on top of the same web foundations that recently enabled the company to allow the use of Android devices as physical security keys.
Using FIDO2 standards, W3C WebAuthn, and FIDO CTAP, Chrome on Android is now able to utilize a fingerprint instead of a password. It does that by creating a device-specific security key. Once created, that key can be sent for secondary verification without actually sending or storing the fingerprint on Google's servers.
In effect, it works the same way identity verification in an application or in the Google Play Store works using fingerprint scanning.
The only prerequisites, in this case, are that the device needs to have lock screen security enabled and the user logged into a valid Google account. As with the method for using Android as a physical security key, Android 7.0 Nougat or newer is needed. It's only after that version that Android meets FIDO2 certification standards. As of August, that applies to well over half of the Android smartphones currently in use around the world.
Beyond fingerprint verification, face unlocking across the web
Moving forward, Google's ultimate goal is to eliminate the need to verify with fingerprints too, wherever possible. Specifically, the company wants to advance the authentication method so that facial recognition can be used instead. In all likeliness, a combination of either or both will likely be enabled where the hardware supports the authentication methods.
That could eventually eliminate verification entirely from the perspective of end-users.
The search giant may include other lock screen verification methods in the future too for those who don't have a fingerprint scanner or face unlocking. Google might also eventually expand this well beyond Chrome on Android.
The search giant has spent an enormous number of resources in pursuit of password-free user verification and log-ins. Elsewhere on Android, the use of fingerprints has been extended to third-party apps via various API as well. That may be the direction Chrome moves on Android in the future here too.
For now, things are limited to Google services. This latest change could shift things toward facial recognition, fingerprint verification, and other biometrics as a long-in method across the web in the future.