Skip to Content

Google Has a Plan to Kill Off Passwords

Passwords are annoying to remember and can be insecure, so Google is turning to a new form of authentication to protect our personal information.

Is it finally the beginning of the end for passwords? From our laptops to our bank accounts to e-mail, social media accounts, and myriad other online services, passwords ostensibly protect almost every aspect of the lives we lead online. And yet they are annoying to remember and can be dangerously insecure. So why are they still with us?

On Friday, Google announced what may mark the beginning of the end of passwords as we know them. During his talk at Google I/O, Daniel Kaufman, the head of the company’s ATAP (Advanced Technology and Projects) arm, casually mentioned the rollout of a new way of securing Android apps called Trust API. Rather than using standard passwords, Trust API will use biometrics like facial recognition, your typing pattern, even how you walk to help determine that you are who you say you are.

Each metric will contribute to an overall “trust score” that will let you unlock your apps. The program will run in the background of an Android phone, using the phone’s suite of sensors to continuously monitor the user’s behavior. If the trust score falls below a threshold, a user might be prompted for some form of additional authentication.

The idea is similar to a system called Smart Lock, which is already active on some Android phones. Smart Lock lets people unlock their phones by sensing the phone is in a trusted location or recognizing a user’s face. But it doesn’t operate in the background and it doesn’t govern access to individual apps. Doing so will allow Trust API to tightly control the level of authentication needed for access to apps of varying levels of sensitivity. As TechCrunch pointed out in its coverage on Friday, that would be handy for allowing easy access to, say, games, but requiring more stringent authentication before a user could get into a banking app.

Novel replacements for the password have been around for ages, and while many seem promising, they rarely find their way into wide usage. Whether Trust API takes off is likely to be determined quickly. During his talk, Kaufman said that testing with several “very large financial institutions” will begin next month. Banks have a lot to lose if a new feature causes either security or user experience to suffer. If they give the thumbs up, Kaufman’s promise of making Trust API available to all developers before the end of the year could come true—and the password’s days may truly be numbered.

(Read more: TechCrunch, The Guardian, “Log In to Your Phone with a Finger-Drawn Doodle Instead of a Password,” “You’ve Been Misled About What Makes a Good Password,” Wired)

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.