Google's steps in eliminating passwords permanently

  • People using Android phones will be able to log in to web services in Chrome by using a fingerprint stored on their device, in Google’s bid to remove password reliance.

    Starting from just last week, Android owners with updates as old as the Android Nougat (which was released in 2016), will be able to use their fingerprint to access web services.

    Google software engineer Dongjing He and product manager Christiaan Brand penned a blog post detailing the changes, writing that “Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience.”

    According to Wired, this login system is currently quite limited in that the only web service that it's possible to access without a password is Google Chrome's often infrequently used password manager. If you navigate to through Google's web browser on your Android and tap on a previously saved piece of information, you'll be prompted to use the fingerprint saved on your phone to access the data.

    It isn’t just Google who is trying to get rid of pesky passwords for good. The FIDO Alliance is made up of Facebook, Intel, PayPal, Intel, Visa, Amazon, and more companies, and has been working on helping to replace passwords for years. 

    The Alliance is responsible for the FIDO2 Internet standard, which is better than user passwords as it protects login details using public/private key encryption. This works by storing a private encryption key on a device such as a smartphone – and a public key is held by the company your account belongs to. When a person tries to sign in to their account, the private key is unlocked by the use of a fingerprint or other biometric and it's matched with the public key to access your information.

    Google hasn't yet announced when Gmail and its myriad of other services will support Android logins without passwords, but change is coming. "As we continue to embrace the FIDO2 standard, you will start seeing more places where local alternatives to passwords are accepted as an authentication mechanism for Google and Google Cloud services," the company staffers wrote in their blog post.

    A world without passwords and PINs was Google’s fresh idea in May 2015, with a promise to kill the password off completely by the end of 2016. The vision was that Android users could use typing patterns and facial recognition instead of the laborious task of typing in their passwords every time they wanted to log into their Google account.

    The then-new feature was called the Trust API. As well as face/voice recognition which are common indicators used today (with Apple implementing it in the iPhone X back in 2017), Google said Trust API would analyse other less obvious factors, including personal movements, how you type and how you even swipe the screen. Basically Trust API runs in the background, always keeping track of  biometrics, so it will know you are really “you” when you unlock your device.

    This idea may finally becoming reality with Google’s new Pixel smartphone. The tech giant been working for five years on a motion-sensing radar called Soli, which it says will enable the Pixel 4 to detect the user's face faster and in "almost any orientation", even if it's being held upside down. The company claims this will help take the "hassle" out of face unlocking seen on rival smartphones, which can require people to lift and hold the device in a certain position.

    According to SplashData, “123456” and “password” are still the most commonly used passwords today among a variation of similar combinations, despite constant privacy warnings against such blatant choices. As well as that, humans are creatures of habit, and so usually use the same password for nearly everything that requires one.

    A report by Microsoft earlier this year showed that Northern Irish users are particularly poor when it comes to such security measures, with 46% of people admitting to re-using the same passwords more than once and many using the same passwords for work and personal purposes.

    About the author

    Niamh is a Sync NI writer with a previous background of working in FinTech and financial crime. She has a special interest in sports and emerging technologies. To connect with Niamh, feel free to send her an email or connect on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

Share this story