Google ... Wants to "Trust" You.
Google is currently in a bid to get rid of your (un)trustworthy passwords and replace them with a 'trust score'. At least, that's it's plan ... and to have it rolled out on Android phones by next year.
Why Does Google Want To Get Rid Of Your Password?
There are many reasons why traditional passwords can be inappropriate as a means of security protection.
For starters, many people have passwords that are easy to guess (crack) based on personal information or common words. Other people invariably forget their passwords ... causing them to write them down or leave them stored inappropriately, in spite of the obvious risks.
The arrival of quantum computing may even render passwords obsolete altogether.
How Does The New System Work?
It's based on a system called "trust scores" and uses combinations of inputs (voice, keyboard etc) to ensure that you are who you say you are, via a "Trust API" to be employed on mobile phones using the Android operating system.
We all have unique signatures in the ways that our phones are accessed and so this system can use a variety of checks to build your trust score.
Facial recognition, location, voice recognition, typing speed etc are a few of the more obvious choices.
It's Not Just a Yes or No
Different services can require different levels of security and so something (seemingly) trivial like access to playing games might require a low trust score whereas a banking app would require much higher levels of 'trust'.
Daniel Kaufman at Google's I/O conference said "We have a phone, and these phones have all these sensors in them. Why couldn't it just know who I was, so I don't need a password? It should just be able to work."
Daniel is in charge of Google's Advanced Technology and Projects Group (ATAP), itself responsible for experiments within Google.
Here is a Youtube link of him speaking at the event : https://www.youtube.com/watch?v=8LO59eN9om4 which makes for compelling viewing.
A Definite Trend
There are many examples (several of which we have cited recently) where other companies are promoting other ways to access their services and data, without passwords.
Last year in April, Elon Musk's old stomping ground - PayPal - suggested biometric possibilities such as signature 'tattoo technology' embedded under your skin or passwords you could "swallow".
Talk-Talk (itself a recent victim of a high profile security breach) has abandoned passwords for voice recognition.
Retina scans and finger print recognition may almost seem old news by comparison.
When Will This Be Rolled Out?
Google has determined that it will start testing the Trust API within a few weeks with large financial institutions. It said it hoped to have it available for all android phones - and thus kill the password - by the end of the year.
What Does This Mean For Your Business?
A lost/stolen/compromised mobile phone is a vulnerable point of potential attack that many businesses don't consider properly when thinking about their overall security.
IT security is ever increasingly becoming a major factor in every day business operations, right up there with administration or production. Anything that can make our data more secure has to be a good thing although of course there is yet to be established the legal ramifications of due diligence and responsibility if/when systems are compromised using this new technology
Whilst this move is aimed at mobile phones due to their very nature of having more sensory inputs than (say) a laptop, it could potentially be migrated to other devices as well, should it prove successful.