Google Goes Password-Free
Google is currently testing an authentication system that would allow users to sign in to their accounts using their smartphone instead of a standard alpha-numeric password. As revealed last month by Reddit user Rohit Paul (rp1226) the test is invite-only for select Google users. While other companies have experimented with using smartphones as part of two-factor authentication alongside passwords, Google’s test shows a clear example of a future without passwords.
The details of Google’s new system aren’t completely clear but here’s a general outline of how it works: First, a user registers their phone to use the service. They go to the Google login screen on their computer, enter their email address and press Next. Instead of asking for a password, the subsequent screen displays a two-digit number, ie. ‘21’ and asks the user to check their phone for a sign-in notification. The phone notification asks them if they are trying to sign in. After the user selects ‘Yes,’ it asks them to choose one of three numbers on their smartphone to match the number that’s displayed on the computer screen.
Essentially Google’s new login method would bypass static passwords and utilize randomized two-digit numbers and pre-registered smartphones to authenticate users. There are aspects of this authentication method that could create new problems, such as losing your smartphone which itself isn’t locked or password-protected. There would also have to be a secure method to reset your password after losing your phone. Yet the new technology looks more promising than some recent attempts at replacing passwords with emojis and less open to abuse than logging in through facial recognition.
No matter how complex you make your password – using random letters, numbers, and punctuation marks, the company storing the password can still be susceptible to a breach. The standard recommendation is to use a different password for every account but few people, save for the most diligent or paranoid among us, utilize unique passwords for different accounts. The recycling of passwords combined with potential encryption and data storage vulnerabilities makes the standard alpha-numeric password a potential security weakness. Perhaps Google will lead the way to a new standard in access control.