Slashdot Mirror
Google Tests Signing Into Accounts Using Your Phone, No Password Required (venturebeat.com)
An anonymous reader writes: Google's battle against poor passwords continues. The company is now testing a new Google Account option that lets users login using their phone, skipping the part where you have to enter your password. The feature uses your phone to authenticate your identity by bringing up a notification that allows you to grant or deny access to your account. Google confirmed it was testing the feature with a small group of users.
Didn't work after several attempts. Color me surprised.
Getting ready to cancel the remaining Google services that I accumulated over the years ;)
Use an app to app an app on the app app while apping other apps!
Apps!
Sweden has a similar system since many years back, BankID ( https://www.bankid.com/ )
Only differnce seems to be that google thinks people always use some kind of screenlock on their phone so they do not ask the user for a PIN when they promt the user.
Wonder what the CreditCard companies and PCI compliance thinnks of that? ^^
This is still single-factor authentication. All they've done is change from "something you know" to "something you have". And, since that "something you have" can break or get lost or stolen, I'm not sure they haven't just replaced one problem with another.
Passwords suck, but nobody can steal your password from your work/library/restaurant table while you're off taking a dump (or whatever).
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
How does one get to the comment section to post a comment to this or any other story when the story doesn't have any comments? I'm logged in and it appears the only way is to click the number of comments link; however, it only appears when at least one comment has been made.
I'm sorry...but not everything needs to revolve around the 'phone'.
My phone is stolen/broken/lost..and now I can't use my laptop to get into my email?
"You won’t need your password to sign in, but you can always use it if you want to"
And after a while of not using that password...you've completely forgotten it.
So, now anybody with the intelligence equipment to spoof your phone can log into your e-mail account without password. Brilliant.
One more way to eventually force everyone to buy a phone with a data screen (and data plan). One day my motives for not having one will be questione., But that will never happen; since I won't be able to do anything without one (including being able to drive a car).
Now if someone steal your phone, they literally can get EVERYTHING.
Your wallet, your email, all of your accounts linked to the email... All in a single device that can be easily stolen. What a GREAT idea.
If this became popular I'd predict a sharp increase in the theft of smartphones. Bad idea, Google.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
To those saying that if a thief steal my phone, they would then have access to my password-less Google account, I reply: Ha! My phone is locked with a password! Take that you evil guy!
phone theft rises sharply.
Google's battle against poor passwords continues
No, this is not a 'battle against poor passwords' but a battle to know who you are. Real Identities help sell widgets.
I don't do anything sensitive on my phone. That includes everything from banking all the way down to email. I just don't.
What that means is that I don't have a lock screen on my phone. You hit the power button, pull the ring up, and you're in. Why do I do this?
1) Much more convenient
2) Email on my phone is a major PITA
3) I don't trust my phone enough to access my money though it
4) If I lose my phone and it's found, the finder can open my phone and easily get my address/email (an app I wrote).
5) Want my contacts/schedule/apps I use? I don't care, none of that is sensitive.
Not great. Now Google will have unrestricted access to my activity. Right now, I can download a 'log out' app to unhitch me from the forced marrriage to Google. This will be Google's work around for that, too; an unavoidable, continuous login.
They need to issue a recovery password for every account. This would be a serial number in case the account ever gets hijacked. It can only get you in to reset your password. It could be written down and stored in a safe or in a safety deposit box. And it cannot be changed. It would be displayed only one time by the website and never be visible again to anyone. So you click on the link, it says "record this" and you write it down and put it in a safe. And that link would never work again.
Yes yes, I know, you hate the idea.
People who eschew the "convenience trumps security" mentality and are willing to jump through the hoops for better security this approach does not offer much. But we are a definite minority. May be if the passwords are not the main authentication credentials those spam phish email volume might decrease, that benefits us all.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
No more pesky warrants. Gimme that!
Kids, forget the phone stealing matter. How much this feature will cost for my data cap? May I need to be always in 3G for use any app that uses my ID locally or offline? What if I have 2 IDs in my phone?
DO. NOT. WANT.
Seriously, your phone gets stolen and now you're really fucked. What kind of brainiacs think this shit up??
FFS, repeat after me: Your phone is not your life. Your phone is not the most important thing in the universe. Your phone should not hold the keys to your kingdom. And losing your phone should not immediately put your personal info, email, banking, and other critical information at risk.
Just cruising through this digital world at 33 1/3 rpm...
As far i know, the smartphone Oses are still on their infancy in terms of actual safety and have a *LOT* of security flaws that sometimes are unpatched because the mobile operator locked the whole stuff up.
This sounds to me like a great way to give all the google accounts to the first one that come up with a virus that break and steals the credentials of those devices.
Next will be phone login and using the camera to verify you have the phone,
face or fingerprint, even retina scan ?
Might give Google all knowledge about you,
but at least it will be guaranteed identification.
It will make people feel more secure about online transactions, etc.
Go well
SMS messages are not encrypted, and anyone with your IMEI number can program a phone to be 'your' phone.
This just takes security completely out of your hands into the NSA/FBI/gooberment's hands.
This is a stupid idea and makes it EASIER to get your credentials.
I don't even own a mobile phone and will never give them any phone numbers.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Now each app will be able to get full access to your Google account, vacuum up e-mail, etc.
Not that they didn't have already, but not being covert access removes any grounds for class action lawsuits.
Hey, you agreed to it give the app full access to your account the moment you (insert action here).
..."Google tests signing NSA into accounts using your backdoored phone, no password required"?
"Google's battle against poor passwords continues."
Their battle against VPNs continues as well. Each time I check my mail with my VPN active I get blocked or I have to change my password _again_.
Multiple users have a wired phone line are going to be cheesed off.
Google could offer a list of carriers that sell service on Nexus phones. Or Google could offer an authenticator app that works over Wi-Fi on tablets and on phones whose cellular service has expired. Or, as the featured article points out, passwords will continue to work for the foreseeable future. I can't verify whether Google is already offering passwordless authentication on Wi-Fi devices because the featured article didn't specify which devices are compatible beyond a screenshot stating "To use your phone to sign in, you'll need a compatible phone with a screen lock."
Stop carrying a cell phone. I stopped carrying a cell phone earlier this year, and I no more miss it than when it was the 80s or 90s and I didn't have one.
And what device for, say, roadside assistance if one's car or bike breaks down? And what device for someone who doesn't drive to call to arrange a ride? Back in the 1980s and 1990s, one could use a payphone, but payphones have since been removed from service after the ubiquity of cell phones made them less profitable to maintain. Or is it a good idea to carry a PDA and a dumbphone as separate devices?
There are a [number] of other devices, with and without network connectivity, that you can use as a PDA for taking notes or pictures while you're on the go.
Any that aren't made by Apple? For some reason, the Android device makers never came out with a solid 4" to 5" tablet that challenged the iPod touch. There were a couple attempts back in the Android 2.1 "Eclair" and 2.2 "FroYo" era, namely the Archos 43 and Samsung Galaxy Player, but those never got wide distribution and in any case never made it to 4.0 "Ice Cream Sandwich".
Even an NDS with wireless disabled can do basic PDA duty, calendar, etc.
By "NDS" did you mean a homebrew-enabled Nintendo DS running DSOrganize? Those are banned in some countries (like the Netherlands) on grounds of "circumvention". If not, please explain.
there's no reason to carry round a second device whose functionality is merely a subset of that provided by the other.
s/merely/nearly/ is more like it. If you're using your phone as a pocket watch, it's hard to pull your phone out with things in both your hands. And your phone probably can't switch among time, date, stopwatch, and calculator activities with a button that you can feel for instead of having to look down for.
I love my CA-53W.
You've listed 10,002 sites (Yahoo, Facebook, and one myriad of others) that require a phone number. One could instead choose to abstain from those 10,002 sites and use one of the the 989,998 other sites that don't require a mobile phone number.