Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Plans To Bring Password-Free Logins To Android Apps By Year-End (techcrunch.com)

Posted by msmash on from the Google-despises-passwords dept.

An anonymous reader shares a report on TechCrunch: Google's plan to eliminate passwords in favor of systems that take into account a combination of signals -- like your typing patterns, your walking patterns, your current location, and more -- will be available to Android developers by year-end, assuming all goes well in testing this year. In an under-the-radar announcement Friday afternoon at the Google I/O developer conference, the head of Google's research unit ATAP (Advanced Technology and Projects) Daniel Kaufman offered a brief update regarding the status of Project Abacus, the name for a system that opts for biometrics over two-factor authentication. With Project Abacus, users would unlock devices or sign into applications based on a cumulative "Trust Score." This score would be calculated using a variety of factors, including your typing patterns, current location, speed and voice patterns, facial recognition, and other things.The Trust API will be available to developers, who can then implement that into their apps. The company says that developers will have the option to adjust the threshold required for a trust score.

20 of 109 comments (clear)

  1. Luddite here by liqu1d · · Score: 3, Insightful

    What on earth is wrong with two factor authentication? I can't see these being more secure.

    1. Re:Luddite here by Calydor · · Score: 5, Insightful

      In fact they will be extremely troublesome.

      Typing or voice patterns? Oh so sorry, you have a headache or the flu, your pattern has shifted enough to not be recognizable. Walking patterns? Too bad about that broken leg after your ski trip, you're locked out of your phone for three months or more.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:Luddite here by 93+Escort+Wagon · · Score: 4, Informative

      What on earth is wrong with two factor authentication? I can't see these being more secure.

      The problem is - Google can't collect more information on you when you're using traditional two-factor authentication. With this new technique, on the other hand, Google will hopefully cut down on the pesky number of users who intentionally disable Google's monitoring when they aren't actively using Google's apps. To collect information on your walking cadence, for instance, they'll need to be able to track your walking constantly.

      --
      #DeleteChrome
    3. Re:Luddite here by JackieBrown · · Score: 3, Insightful

      Yep - I'm sure no one at Google thought about this. You should email them quick!

    4. Re:Luddite here by H3lldr0p · · Score: 2

      And I would argue back that's because people in general are terrible at security. It takes a certain mindset to accept the purpose behind such things, let alone integrate them into anything approaching usefulness.

    5. Re:Luddite here by U2xhc2hkb3QgU3Vja3M · · Score: 3, Funny

      What on Druidia is wrong with one two three four five?

    6. Re:Luddite here by Jane+Q.+Public · · Score: 3, Insightful

      Yep - I'm sure no one at Google thought about this. You should email them quick!

      What, you think Google is magic, or prescient?

      Google has had A LOT of bad ideas. And went on to implement them, only later to realize they were bad ideas.

      The thing about Google is that it (or Alphabet) is big enough that it can afford such failures... no matter how much it costs the rest of us.

  2. Just when I got used to using a password safe.... by MAXOMENOS · · Score: 2

    ....now they want me to start using authentication that assumes that I keep my same physical abilities all my life.

    HAHAHAHAHAno.

    --
    Finding God in a Dog
  3. Walking patterns? by the_skywise · · Score: 5, Funny

    Good luck getting that to work when you're drunk and trying to order up an Uber.
    "I need -hic- whoa I need a uber to get home"
    UNAUTHORIZED USER
    "No like really man, open up and order me a..."
    UNAUTHORIZED USER
    "Oh fu...fu... fine... hic... Oh wait"
    UNAUTHORIZED USER"
    "SHADDUP THAT WASN'T AN ATTEMPT"
    UNAUTHORIZED USER
    "wait wait... my voice is.. my passport, verify me?"
    UNAUTHORIZED USER
    "FUG YOU... Ima just gonna llie down on this soft concrete now..."
    "Oh dude... check out this guys awesome phone, grab it!"
    User accepted, have a nice day.
    "sweet!"

  4. Re:My bank will love this by afidel · · Score: 2

    Simple solution:get a new bank, or better yet if you're in the US a credit union. Then again I deal with two of the largest banks in the world (BoA and Wells Fargo, both through acquisition of other banks) and they have no problem doing online banking correctly.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  5. Re:Just when I got used to using a password safe.. by The-Ixian · · Score: 2

    It sounds like this biometric-based "trust score" will just be an additional verification factor... So I am not sure why they are saying it is going to replace 2nd factor.... it will BE the second (or third) factor...

    Also, being a second factor implies that this will not unlock your device by itself... it will just be an additional "verification" on your unlock method... like: I see that you got the unlock dot sequence technically correct, but you did it in a swiping style that is inconsistent with all your previous unlocks... so no login, try again.

    So, saying that it will remove the needs for passwords is... well... lying really.

    I mean, how would that work even if it was true? Phone: "Walk around a bit to unlock." what?

    I mean, the tech is neat, but it would seem as though the article is getting some facts completely wrong... either that, or I am not understanding this correctly...

    --
    My eyes reflect the stars and a smile lights up my face.
  6. Just what we need - better tracking by joe_frisch · · Score: 4, Insightful

    So they want a technology that can accurately identify me by all sorts of unconscious traits. This would make any form of anonymity impossible.

    I completely understand why Google wants this - collecting and selling information is their business model. I don't understand why *I* as a customer would want it.

    1. Re:Just what we need - better tracking by Anonymous Coward · · Score: 2, Insightful

      You aren't the customer in this scenario. You are the product!

  7. Bio auth NOT protected by 5th Amendment by thedarb · · Score: 5, Insightful

    Do not want. Courts can, and do, compel people to provide bio-metric data, as that is not protected by the 5th Amendment. Only passwords and pass-phrases are protected. Government agencies would LOVE this trend, especially if it became the only form of authentication on your device(s), as they wouldn't need a back door to your encryption anymore. Do not accept this weakening of your security.

    --
    This sig intentionally left blank.
  8. Seriously? by SumDog · · Score: 3, Insightful

    This seems horrible in every way possible.

  9. Hidden message by Anonymous Coward · · Score: 2, Interesting

    What Google is really saying is that they're tracking so many user behaviors that you will not be able to hide behind an alias.

  10. What problem... by Dcnjoe60 · · Score: 4, Insightful

    What problem is this trying to solve? And more importantly, why is google collecting this specific information about users and once collected, how else will it be used and by whom? Maybe that's why the announcement was "low key." They were hoping it would go unnoticed.

  11. Re:My bank will love this by Opportunist · · Score: 2

    But I hope they also have a second channel for verification of login or transation, like sending you an SMS with the amount transferred and the target account number along with a one time pin to sign the transaction, right?

    If not, tell them their security theater is worth less than the TSA goons at the airport. And they're already worse than useless.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Locksmith, four seconds to unlock your house/car by raymorris · · Score: 2

    When I used to do locksmith work, it would take me a few seconds to unlock your car or house if you locked the key inside. Customers were happy that I could bypass the security for them.

    Now that I work in information security, most people seem to think something is horribly wrong if I'm able to bypass the security.

    There is an appropriate level of security for each use case. Neither your apartment nor your Slashdot account needs to be an impenetrable fortress that even the CIA can't get in to . Sometimes, convenience does trump security.

  13. I want it to be more secure, not less by bernywork · · Score: 2

    I want to be able to write rules, so that, if I'm at home (Geo-location) and connected to the wireless, then you only need a simple unlock code.

    If I'm out and about, I want it to be looking for my smart watch before it will unlock, or otherwise a yubikey (NFC).

    If you want to get into my work section of my device you need *all* the above. Bluetooth, NFC and a strong unlock code.

    If you don't have any of this stuff, no unlock. If you fail auth 7 times, full brick. Device destroyed.

    I don't want to reward people who would mug me for my phone, if we got to the point where the devices are a worthless lump without an unlock, then people won't steal from you. Remove the incentive, remove the crime.

    --
    Curiosity was framed; ignorance killed the cat. -- Author unknown