Slashdot Mirror
Google Tests Signing Into Accounts Using Your Phone, No Password Required (venturebeat.com)
An anonymous reader writes: Google's battle against poor passwords continues. The company is now testing a new Google Account option that lets users login using their phone, skipping the part where you have to enter your password. The feature uses your phone to authenticate your identity by bringing up a notification that allows you to grant or deny access to your account. Google confirmed it was testing the feature with a small group of users.
Use an app to app an app on the app app while apping other apps!
Apps!
This is still single-factor authentication. All they've done is change from "something you know" to "something you have". And, since that "something you have" can break or get lost or stolen, I'm not sure they haven't just replaced one problem with another.
Passwords suck, but nobody can steal your password from your work/library/restaurant table while you're off taking a dump (or whatever).
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
I'm sorry...but not everything needs to revolve around the 'phone'.
My phone is stolen/broken/lost..and now I can't use my laptop to get into my email?
"You won’t need your password to sign in, but you can always use it if you want to"
And after a while of not using that password...you've completely forgotten it.
If this became popular I'd predict a sharp increase in the theft of smartphones. Bad idea, Google.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
To those saying that if a thief steal my phone, they would then have access to my password-less Google account, I reply: Ha! My phone is locked with a password! Take that you evil guy!
This is Google Real names v2. They didn't like the backlash against them the first time but they want to propagate a unique ID to identify everything you do, so they make it easy for you to *use* any persona you have to log into their services. It's just a matter of time until you've logged in with each of your real life personas through all the devices and accounts you own, and every time they swallow one more chunk of your life history.
I don't do anything sensitive on my phone. That includes everything from banking all the way down to email. I just don't.
What that means is that I don't have a lock screen on my phone. You hit the power button, pull the ring up, and you're in. Why do I do this?
1) Much more convenient
2) Email on my phone is a major PITA
3) I don't trust my phone enough to access my money though it
4) If I lose my phone and it's found, the finder can open my phone and easily get my address/email (an app I wrote).
5) Want my contacts/schedule/apps I use? I don't care, none of that is sensitive.
Not great. Now Google will have unrestricted access to my activity. Right now, I can download a 'log out' app to unhitch me from the forced marrriage to Google. This will be Google's work around for that, too; an unavoidable, continuous login.
They need to issue a recovery password for every account. This would be a serial number in case the account ever gets hijacked. It can only get you in to reset your password. It could be written down and stored in a safe or in a safety deposit box. And it cannot be changed. It would be displayed only one time by the website and never be visible again to anyone. So you click on the link, it says "record this" and you write it down and put it in a safe. And that link would never work again.
Yes yes, I know, you hate the idea.
People who eschew the "convenience trumps security" mentality and are willing to jump through the hoops for better security this approach does not offer much. But we are a definite minority. May be if the passwords are not the main authentication credentials those spam phish email volume might decrease, that benefits us all.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
This is stare at the phone somemore 2.0. Fuck google.
DO. NOT. WANT.
Seriously, your phone gets stolen and now you're really fucked. What kind of brainiacs think this shit up??
FFS, repeat after me: Your phone is not your life. Your phone is not the most important thing in the universe. Your phone should not hold the keys to your kingdom. And losing your phone should not immediately put your personal info, email, banking, and other critical information at risk.
Just cruising through this digital world at 33 1/3 rpm...
Your weird English makes me suspect that you're from somewhere else, but what you're saying is definitely false in the USA.
So Android is out, spycrosoft 10 is out, and not sure I want in on the walled garden. Cyanogen and what else are options?
As far i know, the smartphone Oses are still on their infancy in terms of actual safety and have a *LOT* of security flaws that sometimes are unpatched because the mobile operator locked the whole stuff up.
This sounds to me like a great way to give all the google accounts to the first one that come up with a virus that break and steals the credentials of those devices.
Next will be phone login and using the camera to verify you have the phone,
face or fingerprint, even retina scan ?
Might give Google all knowledge about you,
but at least it will be guaranteed identification.
It will make people feel more secure about online transactions, etc.
Go well
SMS messages are not encrypted, and anyone with your IMEI number can program a phone to be 'your' phone.
This just takes security completely out of your hands into the NSA/FBI/gooberment's hands.
This is a stupid idea and makes it EASIER to get your credentials.
Which is doubly silly, because if you care even a little bit about security (but not quite enough to avoid Android), then you use a different Google account for each Android device. The stupidity that allows anyone logged in at a computer with that Google account to uninstall and push apps to your phone makes it very easy for attackers who compromise your browser (and get gmail, or some other Google service), for example via an ad or a malicious attachment, to replace your Internet banking app (or anything else used with two-factor authentication) with a trojaned one.
I am TheRaven on Soylent News
I don't even own a mobile phone and will never give them any phone numbers.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Now each app will be able to get full access to your Google account, vacuum up e-mail, etc.
Not that they didn't have already, but not being covert access removes any grounds for class action lawsuits.
Hey, you agreed to it give the app full access to your account the moment you (insert action here).
Yep, now hackers don't need to hack your password anymore, they just need your phone and your pin (or crack the phone, which isn't hard on Android). Bingo, every stolen phone becomes a stolen identity! Progress!
"Google's battle against poor passwords continues."
Their battle against VPNs continues as well. Each time I check my mail with my VPN active I get blocked or I have to change my password _again_.
Multiple users have a wired phone line are going to be cheesed off.
Google could offer a list of carriers that sell service on Nexus phones. Or Google could offer an authenticator app that works over Wi-Fi on tablets and on phones whose cellular service has expired. Or, as the featured article points out, passwords will continue to work for the foreseeable future. I can't verify whether Google is already offering passwordless authentication on Wi-Fi devices because the featured article didn't specify which devices are compatible beyond a screenshot stating "To use your phone to sign in, you'll need a compatible phone with a screen lock."
Stop carrying a cell phone. I stopped carrying a cell phone earlier this year, and I no more miss it than when it was the 80s or 90s and I didn't have one.
And what device for, say, roadside assistance if one's car or bike breaks down? And what device for someone who doesn't drive to call to arrange a ride? Back in the 1980s and 1990s, one could use a payphone, but payphones have since been removed from service after the ubiquity of cell phones made them less profitable to maintain. Or is it a good idea to carry a PDA and a dumbphone as separate devices?
There are a [number] of other devices, with and without network connectivity, that you can use as a PDA for taking notes or pictures while you're on the go.
Any that aren't made by Apple? For some reason, the Android device makers never came out with a solid 4" to 5" tablet that challenged the iPod touch. There were a couple attempts back in the Android 2.1 "Eclair" and 2.2 "FroYo" era, namely the Archos 43 and Samsung Galaxy Player, but those never got wide distribution and in any case never made it to 4.0 "Ice Cream Sandwich".
Even an NDS with wireless disabled can do basic PDA duty, calendar, etc.
By "NDS" did you mean a homebrew-enabled Nintendo DS running DSOrganize? Those are banned in some countries (like the Netherlands) on grounds of "circumvention". If not, please explain.
If you really want to write an anonymous first post, did you try expanding the story, right-clicking the title, and choosing "open in new tab"?
there's no reason to carry round a second device whose functionality is merely a subset of that provided by the other.
s/merely/nearly/ is more like it. If you're using your phone as a pocket watch, it's hard to pull your phone out with things in both your hands. And your phone probably can't switch among time, date, stopwatch, and calculator activities with a button that you can feel for instead of having to look down for.
I love my CA-53W.
Mobile data in the United States hovers around 1-2 cents per MB. A single authentication request will likely take less than 0.05 MB.
You've listed 10,002 sites (Yahoo, Facebook, and one myriad of others) that require a phone number. One could instead choose to abstain from those 10,002 sites and use one of the the 989,998 other sites that don't require a mobile phone number.
If we change from "biggest danger is trojans and password-file hacks anywhere in the world" to "biggest danger is someone physically stealing my phone and cracking my PIN", that seems like a really, really big win. Especially if you like Hello Kitty.