Skip to main content
Rakib
Rakib
Level 3.0: Honeycomb
November 17, 2025
Question

Fido2 key and their issues using them on Android

  • November 17, 2025
  • 4 replies
  • 179 views

First, do Android support using Fido2 keys on Android?

Yes, it does support both using bluetooth, NFC and USB authentication.

For reference: https://developers.google.com/identity/fido/android/native-apps

 

But does it mean that it is straight forward to use it in a enterprise environment without hiccups?

No, the support lacks many features that both Windows and iOS has supported for long time.

 

If I buy a modern Fido2 with OTP support, will it work straight out of the box for using the USB?

No, you need to disable the OTP support first. Here is how you can do that from yubikey manager, this works for Yubikey.

Other vendors might have something similar. But for Fido2 keys without OTP support, it should work out of the box for USB-C, like Google titan.  Why this happens, dont know.

Can we use NFC for Entra ID authentication like we can on Windows and iOS?

No. Android does not currently support CTAP2 for NFC, only for USB-C input. CTAP1 (FIDO U2F) supports certificate based authentication, but CTAP supports user verification with PIN and biometrics. Entra ID requires UV (user verification) before accepting login.

As far as I know, there is also support for bluetooth. But I dont have any fido2 keys that support bluetooth yet.

So why does this matter?

With Android you can have shared devices with secure login for multiple users with a single log in for all supported apps, auto log off and many other possibilities. 


https://learn.microsoft.com/en-us/entra/identity-platform/msal-shared-devices

 

 

 

Other sources/discussions:

https://www.reddit.com/r/yubikey/comments/1oncuh2/whats_the_point_of_nfc_on_android/
https://www.reddit.com/r/yubikey/comments/13tlzoc/fido2_inconsistent_across_windowsandroid/

https://fidoalliance.org/specifications/

 

 

 

    4 replies

    Emilie_B
    Emilie_BCommunity Manager
    Community Manager
    November 20, 2025

    Hi @Rakib, how are you? 

     

    Thank you for contributing this post to the community - that was a very interesting read! 

    Are you using Fido2 keys for work? 

    Rakib
    RakibAuthor
    Level 3.0: Honeycomb
    November 20, 2025

    Hi @Emilie_B,

     

    Our goal is to make use of fido2 keys as the authentication method for shared Android devices, as it is considered as a phising-resistant MFA. With NFC support for CTAP2 on Android this could be achieved.

     

    We do use it already for our shared Windows computers, and there is also support on the iOS devices.

      Emilie_B
      Emilie_BCommunity Manager
      Community Manager
      November 21, 2025

      Thanks for your reply @Rakib - it's always interesting to understand where you're coming from! 

       

      The NFC support for CTAP2 is something I can share with the team as this is an interesting comment - I think USB-C is something that is becoming default (in Europe at least). 

       

      Also, a phishing-resistant MFA sounds appealing; have you tested multiple MFAs before setting up on fido2 keys? 

        Michel
        Michel
        Level 4.0: Ice cream sandwich
        November 24, 2025

        Very interesting read, thanks for sharing. I've been wanting to investigate the options with Android and a fido2 key. I have a Yubico still sealed in a box 😅. 

         

        I like your use case regarding shared devices. Do I understand correctly that you use this as a alternative for the Microsoft authenticator app for example? Because that app is the main issue for shared Android devices. You always need a second, maybe even personal, phone. 

          Rakib
          RakibAuthor
          Level 3.0: Honeycomb
          November 25, 2025

          Yes, you are not allowed to bring a personal phone for an example on a hospital but we want to require MFA login on dedicated phones to.

            Lizzie
            LizzieCommunity Manager
            Community Manager
            November 25, 2025

            Hello @Rakib, @Michel,

             

            I hope you are doing well. 

             

            Thanks for your taking the time to walk us through your current experience and questions around FIDO2 and authentication. This is a really interesting area and I'm glad you've kicked off a discussion around this. 

             

            I've dug into this a little bit to provide you with more context. We have generally focused on USB-C support for security keys due to its reliability, ease of use and being more 'future-proof'. As we look forward to a world where post-quantum cryptography becomes standard, NFC simply won't be able to transfer enough data via a "tap" because of increased packet sizes, resulting in users having to hold their security key for longer to authenticate the device. This issue is then compounded by inconsistencies in NFC placement across devices.


            As it currently stands, we are due to make progress with NFC support next year. I can see this being an interesting topic for you and other community members here, so we will keep you posted as we progress in this area. 

             

            In the meantime, do you have any specific questions that you are keen to know more on this relating to your use case? Or any additional context that would be useful here? 

             

            It would be fantastic to learn more from you and others here, so please do continue this discussion and I hope this is a useful starting point. 

             

            Thanks so much,

            Lizzie

             

            Welcome to the Community everyone!
              Michel
              Michel
              Level 4.0: Ice cream sandwich
              November 26, 2025

              Thanks for clarifying this a bit more, really interesting and helpfull. I'm currently not using (and seeing) this in actual environments so i'm just following this to learn from. 

                Lizzie
                LizzieCommunity Manager
                Community Manager
                November 27, 2025

                Yeah I agree, it's a really interesting area @Michel. I spoke with a member of the Android team who works on this specific area to learn more to provide the additional context above.

                 

                As a side note, I'm hoping we can get more information back on this subject into the community next year and have more discussions on where we are headed - so watch this space. 😀

                Welcome to the Community everyone!
                BenLlewellyn
                BenLlewellyn
                New Member
                February 18, 2026

                Hi @Lizzie and @Rakib - this is a great discussion. We're looking at a similar use case for our frontline retail workforce who operate under compliance obligations and have Yubikeys to access their Point of Sale terminals.

                 

                Our users also use Android Zebra devices as a key part of their job role - and we are keen to enable them with additional enterprise apps. So using their Yubikeys for NFC passwordless auth has a lot of benefit for us.

                 

                @Lizzie - I've seen in January's Google Play Services update release notes (Google System Services Release Notes - Help) that there's a line about NFC CTAP2 support. Are you able to shed some light is this will provide the outcome we're looking for?

                 

                Terms & ConditionsCookie settingsAccessibility statement