Google will begin testing an alternative to passwords next month, in a move that could do away with complicated logins for good.
The new feature, introduced to developers at the company’s I/O conference, is called the Trust API, and will initially be tested with “several very large financial institutions” in June, according to Google’s Daniel Kaufman.
Kaufman is the head of Google’s Advanced Technology and Projects group, where the Trust API was first created under the codename Project Abacus. Introduced last year, Abacus aims to kill passwords not through one super-secure replacement, but by mixing together multiple weaker indicators into one solid piece of evidence that you are who you say you are.
Among the pieces of evidence that Google suggests the Trust API could use are some obvious biometric indicators, such as your face shape and voice pattern, as well as some less obvious ones: how you move, how you type and how you swipe on the screen. With the service continually running in the background of the phone, it can keep track of whether those indicators match how it knows you use your phone.
Individually, it would be ludicrous to use any of those methods to secure web services. Even facial recognition, now built in to many Android phones, is significantly less secure than a fingerprint scanner, according to Google’s own metrics. But combining them can, the company suggests, result in something more than 10 times as secure as a fingerprint.
Richard Lack, of customer identity management firm Gigya, says approaches like Google’s are likely to pay off. “Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe. At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.
source:guardian