Google wants to kill the password, and came up with an ingenius way to do it

google atap plan to kill passwords maxresdefault
Google’s Advanced Technologies and Projects (ATAP) unveiled a bundle at the group’s I/O keynote this morning, but two of the most interesting presentations dealt with passwords, or “relics,” as division head Regina Dugan called them. “Passwords suck,” she explained, for a variety of reasons. According to ATAP’s data, 70 percent of users forget their passwords, and don’t often do a very good job creating hard-to-crack phrases besides — “Humans are a bad source of entropy,” Dugan said. In an effort to develop more reliable security, ATAP developed Project Abacus, an analytical system based on machine learning, and Project Vault, a cryptographic MicroSD card.

The scale of Project Abacus was so vast that ATAP sought outside help — Dugan said the department recruited 25 researchers from 16 institutions to participate in development. With the added brainpower and the help of hundreds of volunteers, they managed to create a new method of authentication that Dugan said is not only 10 times more secure than the best fingerprint sensor available, but also entirely based in software — it requires no special operating system or hardware.

Project Abacus works, she explained, by continually generating a “trust score” from data the hardware on which it’s running collects — the apps you most frequently use, for example, or your location. To demonstrate, two researchers on stage passed a smartphone running Abacus software back and forth. The front-facing camera collected facial data and algorithms calculated trustworthiness in real time. When the second researcher used an app at a time of day the first researcher typically didn’t, the “score,” represented on a line graph, decreased.

Dugan was coy about workings and prospects of Project Abacus, but stressed the code was simple enough to be packaged in a software update.

Project Vault, on the other hand, is physical. But that doesn’t make it any less impressive. It’s capable of creating a secure communications channel on any device with a MicroSD slot.

google-io-2015-atap0076

That may sound like magic, but Project Vault actually a “security-dedicated computer [in] a MicroSD card with a driver-free interface and encryption and secure communication,” explained development lead Peiter “Mudge” Zatko. He wasn’t kidding about the computer part — Project Vault packs an antenna, 4GB of storage, and an ARM processor on a thumb-sized card. Zatko says modern hardware informed the team’s choice of form factor. “You already have secure elements in your phones and computers, like SIM cards and Trusted Platform Modules for OEMs,” he said. “What about a secure element that protects the things important to you?”

In abstract, Project Vault accomplishes this all rather simply: plug it into a phone or computer and communications with nearby Vault users — video, audio, photos, and text — are encrypted. That’s accomplished with immutable logging, a record of all attempts by nefarious third parties to access the cars, and with a real-time operating system (RTOS) with a wealth of cryptographic tools, including a random number generator and hashing, at its disposal.

Communication worked seamlessly in the on-stage demo. Two smartphones with Project Vault cards were able to send and receive instant messages directly in real time.

ATAP’s producing Vault modules for enterprise right now, but it’s releasing the software under an open source license. “We’re doing this to be fully transparent because we want developers to be able to see how it works, understand it, and trust it,” Zatko explained. The team plans to deploy 500 prototypes internally and release development hardware at some point in the near future.

“It shouldn’t matter how many doors or windows your house has as long as it has a vault in it,” Zatko said.

Emerging Tech

Awesome Tech You Can’t Buy Yet: Folding canoes and ultra-fast water filters

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Cars

Bloodhound’s plan to build a 1,000-mph car has run out of gas

The Bloodhound supersonic car (SSC) project has officially shut down. The upside is you can now buy a 135,000-horsepower car powered by a jet engine and a cluster of rockets for $319,000.
Deals

These Raspberry Pi 3 bundles will cover everyone, from coders to gamers

The Raspberry Pi 3 is a low-budget computing platform capable of doing just about anything. We rounded up a handful of the best Raspberry Pi 3 bundles to get you started on a variety of DIY projects.
Computing

How to change your Gmail password in just a few quick steps

Regularly updating your passwords is a good way to stay secure online, but each site and service has their own way of doing it. Here's a quick guide on how to change your Gmail password in a few short steps.
Emerging Tech

This implant goes beyond pacemakers, helps aging hearts beat more vigorously

The FDA's advisory committee has voted to recommend an innovative pacemaker-style gadget be approved in the U.S. The Optimizer Smart Implantable Pulse Generator boosts performance, strength, and pumping ability of weakened heart chambers.
Mobile

Galaxy Watch vs. Apple Watch Series 4: Which one is the smartest?

The Samsung Galaxy Watch and the Apple Watch Series 4 are two of the best smartwatches available today. But which is better? We put the two watches head-to-head to find out which you should buy.
Product Review

Montblanc Summit 2 offers smart functionality but still looks good with a suit

Montblanc’s Summit 2 is the first smartwatch to use Qualcomm’s Snapdragon Wear 3100 processor. It’s feature packed, with GPS, NFC for Google Pay, and a heart rate sensor, but it also has the classic timepiece look.
Wearables

The $200 TicWatch C2 smartwatch is now being sold in the U.S. and U.K.

Digital well-being and disconnecting from your phone is one of 2018's big trends. Mobvoi wants you to think about its TicWatch C2 smartwatch as a great way to help you use your phone less.
Deals

The best Apple Watch deals for December 2018

The Apple Watch has surged to prominence in recent years. If you're in the market for an iOS wearable, we've sniffed out the best Apple Watch deals available right now for all three models of this great smartwatch.
Outdoors

Built to take a beating and still perform, these are the best hiking watches

A proper hiking watch should track exercise metrics and act as a navigational co-pilot during any kind of hike. Ideally, it'll even have a built-in GPS system and sensors. Here are five of the best hiking watches.
Mobile

Beddit Sleep Monitor 3.5 now available on the Apple Store

The Beddit Sleep Monitor 3.5 is now available on the Apple Store for $150. The sensor strip, which is only 2 millimeters thin, automatically tracks a wide array of sleep data when placed under the user's sheets.
Outdoors

Conquer the cold season with the best heated clothing and outdoor apparel

If you're thinking about going outside this winter, heated apparel is a must. Luckily, we've rounded up some of the best heated clothing, whether you're looking for battery-powered gloves or heated insoles.
Outdoors

Crush your next workout with the best Fitbit for every activity

Fitbits are amazingly helpful tools for setting fitness goals and tracking progress. However, different activities require different metrics. We've gathered a list of the best Fitbits for running, swimming, biking, and other activities.
Deals

Check out the best Green Monday deals for those last-minute gifts

Black Friday and Cyber Monday have come and gone, but that doesn't mean you've missed your chance of finding a great deal. We're talking about Green Monday, of course, and it falls on December 10.