Google Has a Plan to Kill Off Passwords
Is it finally the beginning of the end for passwords? From our laptops to our bank accounts to e-mail, social media accounts, and myriad other online services, passwords ostensibly protect almost every aspect of the lives we lead online. And yet they are annoying to remember and can be dangerously insecure. So why are they still with us?
On Friday, Google announced what may mark the beginning of the end of passwords as we know them. During his talk at Google I/O, Daniel Kaufman, the head of the company’s ATAP (Advanced Technology and Projects) arm, casually mentioned the rollout of a new way of securing Android apps called Trust API. Rather than using standard passwords, Trust API will use biometrics like facial recognition, your typing pattern, even how you walk to help determine that you are who you say you are.
Each metric will contribute to an overall “trust score” that will let you unlock your apps. The program will run in the background of an Android phone, using the phone’s suite of sensors to continuously monitor the user’s behavior. If the trust score falls below a threshold, a user might be prompted for some form of additional authentication.
The idea is similar to a system called Smart Lock, which is already active on some Android phones. Smart Lock lets people unlock their phones by sensing the phone is in a trusted location or recognizing a user’s face. But it doesn’t operate in the background and it doesn’t govern access to individual apps. Doing so will allow Trust API to tightly control the level of authentication needed for access to apps of varying levels of sensitivity. As TechCrunch pointed out in its coverage on Friday, that would be handy for allowing easy access to, say, games, but requiring more stringent authentication before a user could get into a banking app.
Novel replacements for the password have been around for ages, and while many seem promising, they rarely find their way into wide usage. Whether Trust API takes off is likely to be determined quickly. During his talk, Kaufman said that testing with several “very large financial institutions” will begin next month. Banks have a lot to lose if a new feature causes either security or user experience to suffer. If they give the thumbs up, Kaufman’s promise of making Trust API available to all developers before the end of the year could come true—and the password’s days may truly be numbered.
(Read more: TechCrunch, The Guardian, “Log In to Your Phone with a Finger-Drawn Doodle Instead of a Password,” “You’ve Been Misled About What Makes a Good Password,” Wired)
The inside story of how ChatGPT was built from the people who made it
Exclusive conversations that take us behind the scenes of a cultural phenomenon.
ChatGPT is about to revolutionize the economy. We need to decide what that looks like.
New large language models will transform many jobs. Whether they will lead to widespread prosperity or not is up to us.
Sam Altman invested $180 million into a company trying to delay death
Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.
GPT-4 is bigger and better than ChatGPT—but OpenAI won’t say why
We got a first look at the much-anticipated big new language model from OpenAI. But this time how it works is even more deeply under wraps.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.