Google vs the Password

It’s only a matter of time, it seems

 
Google vs the Password

Did you know passwords are a relic?

I didn’t, until now.

The Verge shows me an article of two years ago: “The login system was first designed for time-sharing computers in the ’60s... To use the computer, you tapped in your login name and password, which told the computer who was sitting at the terminal and which files to make available. Stealing someone’s password was (only) good for a practical joke... there was only one computer where you could use it, and not much personal information on display once you’d broken in.”

And of course, today, everything is password-dependent: Bank account, email, smartphone access.

You’ve seen how smartphones moved from passwords to gestures. And that kind of thing is at the centre of what Google is doing now: Trying to make people do away with passwords altogether.

What’s bad about passwords is that they can be stolen. That’s pretty much it. In fact, a couple of days ago, millions of dollars were stolen from thousands of ATMs in Japan — ATMs that depend on password-type security. Even two-factor authentication — the horrible HSBC system where they send you a physical device and you need to set a six-digit numeric password, and twice a year, you need to visit the bank to reset everything — just requires hackers to find two things instead of one.

If it were biometric-based, they’d have to chop your finger off to get access. (That’s happened, and more than once, by the way: In 2005, some people chopped off a man’s finger to get round a car’s security system.) But let’s assume that most people aren’t so violent.

The story continues: Passwords aren’t nice, there was a group that launched an alliance in 2012 to get companies off passwords. PayPal was among the first to subscribe to the idea. Then Google and MS got on board last year. The idea was, no passwords: Use biometrics on any device, wherever you are, to authenticate yourself for any service — from email to enterprise data access.

Google last week announced their step further. The Verge reports: “Conventional passwords might soon be a thing of the past, or at least on devices running Android.” It’s a really intuitive idea: Matching logins with patterns of device usage. Your fingerprint. How fast you type. When you log in. In fact, there’s something like that on several bank sites right now: If they detect an “unusual” pattern, they ask you a couple of verification questions.

That’s the Trust API that Google announced yesterday, which will run “in the background of users’ devices, monitoring its sensors and information to so that it can provide apps with the current trust score — basically its confidence level that you are who you say you are.” And that’s exactly what can replace the password.

As The Verge notes, the issue at hand is passwords in conjunction with monetary transactions: “The API's release is contingent upon a successful trial with banks.” Once Google gets itself to surmount that — and it will — we’ll see the end of a system that began in the ’60s for time-sharing systems (if you remember what those were!)

Post-scriptum: Engadget seems to think in the opposite direction, saying among other things that “securing Android itself might be the most awesome thing to do first,” calling Android “the most hacked operating system on the planet,” and calling the entire scheme “creepy.”


Tags : Google, Password, Biometrics