Skip to Content

Google Has a Plan to Kill Off Passwords

Passwords are annoying to remember and can be insecure, so Google is turning to a new form of authentication to protect our personal information.

Is it finally the beginning of the end for passwords? From our laptops to our bank accounts to e-mail, social media accounts, and myriad other online services, passwords ostensibly protect almost every aspect of the lives we lead online. And yet they are annoying to remember and can be dangerously insecure. So why are they still with us?

On Friday, Google announced what may mark the beginning of the end of passwords as we know them. During his talk at Google I/O, Daniel Kaufman, the head of the company’s ATAP (Advanced Technology and Projects) arm, casually mentioned the rollout of a new way of securing Android apps called Trust API. Rather than using standard passwords, Trust API will use biometrics like facial recognition, your typing pattern, even how you walk to help determine that you are who you say you are.

Each metric will contribute to an overall “trust score” that will let you unlock your apps. The program will run in the background of an Android phone, using the phone’s suite of sensors to continuously monitor the user’s behavior. If the trust score falls below a threshold, a user might be prompted for some form of additional authentication.

The idea is similar to a system called Smart Lock, which is already active on some Android phones. Smart Lock lets people unlock their phones by sensing the phone is in a trusted location or recognizing a user’s face. But it doesn’t operate in the background and it doesn’t govern access to individual apps. Doing so will allow Trust API to tightly control the level of authentication needed for access to apps of varying levels of sensitivity. As TechCrunch pointed out in its coverage on Friday, that would be handy for allowing easy access to, say, games, but requiring more stringent authentication before a user could get into a banking app.

Novel replacements for the password have been around for ages, and while many seem promising, they rarely find their way into wide usage. Whether Trust API takes off is likely to be determined quickly. During his talk, Kaufman said that testing with several “very large financial institutions” will begin next month. Banks have a lot to lose if a new feature causes either security or user experience to suffer. If they give the thumbs up, Kaufman’s promise of making Trust API available to all developers before the end of the year could come true—and the password’s days may truly be numbered.

(Read more: TechCrunch, The Guardian, “Log In to Your Phone with a Finger-Drawn Doodle Instead of a Password,” “You’ve Been Misled About What Makes a Good Password,” Wired)

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.