Typing passwords might be the biggest nuisance on mobile devices, and Google wants to kill them for good. Last week at Google I/O 2016, Daniel Kaufman, the head of Google’s Advanced Technology and Projects research unit (ATAP) updated us on Project Abacus, Google’s software-only plan to eliminate the need to enter passwords.
Announced at last year’s Google I/O, Project Abacus works by accumulating data about you such as the particular times and locations you might use an app, as well as your voice and face to derive a Trust Score. This Trust Score is then used to determine if it’s indeed you. If so, you won’t have to enter a password, and if not, well, you get the gist. Financial apps would require a very high Trust Score, while games and such wouldn’t be as stringent.
Engineers in Google’s search and machine intelligence teams created the Trust API, which will be tested at select banks starting in June. If all goes well, it’ll get released to all Android developers by the end of the year. As many as 33 universities across 28 states already ran trials last year.
Google has dabbled in this area with Smart Lock, which was introduced in Android Lollipop. It allows you to automatically unlock your Android phone or tablet if you’re connected to a trusted Wi-Fi network or Bluetooth device. Another method is two-factor authentication, which is the practice of generating a unique PIN through an email or SMS message. A very secure method, but it’s too time consuming for the average user.
The problem with passwords is that people don’t remember them, so they tend to use simplified passwords. To make matters worse, most people will use the same password for multiple accounts, making them more vulnerable to attacks. Some have resorted to using password manager apps that automatically type passwords for you, but they can be a pain to set up. Google’s plan is to make things simpler, but even more secure than today’s standards.
“We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? It should just be able to work,” said Kaufman at a developer session last Friday afternoon at Google I/O.
By bringing the Trust API to the app level, it will further protect app data from a stranger that who able to successfully unlock your device. Each app would determine that the user wasn’t you and would require a password to gain access.
From what we can tell, it doesn’t appear that Google will need to release a new version of Android for the Trust API to work, since it’s mostly at the app level. This means that it should work on older versions of Android as well, but we won’t know for sure until we get closer to its release later this year.