Google plans to use "trust scores" to phase out traditional password access on Android.
The company wants to get rid of all passwords, at least for Android apps, by 2017. Google unveiled its plans at its I/O 2016 conference held last week. You can understand why, after so many cases of stolen or compromised passwords.
Let's see how:
Google's Trust API technology is reported to use a variety of metrics to create a trust score.
Factors such as typing speed, voice inflexions, face recognition, and proximity to known Bluetooth devices and Wi-Fi hotspots could be used to calculate the score.
Games and basic tools will be able to run even if the trust score is low, while for more sensitive applications such as banking and webmail, biometric and location-based data combined with any of the above will be needed to reach a high score.
This means that a device can be unlocked for low-scoring applications, but that will open the way to privilege escalation attacks. Conversely, if a password is forgotten, users may be locked out of the device and not have access to their data - in theory at least.
It sounds like a trade-off between security and convenience, a classic security equation.
On the other hand, Android users usually allow access to all apps on their device without the need for a password when the device is unlocked.
Richard Lack, EMEA sales manager at Gigya's customer identity management department, said Google's plans are welcome as part of a wider move away from passwords, which are now regarded as insecure technology.
"The future lies in password-free authentication methods, which consumers will clearly prefer, both in terms of convenience and enhanced security," Lack said.
"Biometric identification is a powerful catalyst that will enable businesses to deploy it to significantly increase enrollment rates, gaining data and insight into their customers, while also increasing customer security. It's a win/win scenario that sounds like a promise of death to insecure passwords sooner than expected."