
Google wants to kill the password, and came up with an ingenious way to do it

Google’s Advanced Technologies and Projects (ATAP) unveiled a bundle at the group’s I/O keynote this morning, but two of the most interesting presentations dealt with passwords, or “relics,” as division head Regina Dugan called them. “Passwords suck,” she explained, for a variety of reasons. According to ATAP’s data, 70 percent of users forget their passwords, and don’t often do a very good job creating hard-to-crack phrases besides — “Humans are a bad source of entropy,” Dugan said. In an effort to develop more reliable security, ATAP developed Project Abacus, an analytical system based on machine learning, and Project Vault, a cryptographic MicroSD card.

The scale of Project Abacus was so vast that ATAP sought outside help — Dugan said the department recruited 25 researchers from 16 institutions to participate in development. With the added brainpower and the help of hundreds of volunteers, they managed to create a new method of authentication that Dugan said is not only 10 times more secure than the best fingerprint sensor available, but also entirely based in software — it requires no special operating system or hardware.

Project Abacus works, she explained, by continually generating a “trust score” from data the hardware on which it’s running collects — the apps you most frequently use, for example, or your location. To demonstrate, two researchers on stage passed a smartphone running Abacus software back and forth. The front-facing camera collected facial data and algorithms calculated trustworthiness in real time. When the second researcher used an app at a time of day the first researcher typically didn’t, the “score,” represented on a line graph, decreased.

Dugan was coy about the workings and prospects of Project Abacus, but stressed the code was simple enough to be packaged in a software update.

Project Vault, on the other hand, is physical. But that doesn’t make it any less impressive. It’s capable of creating a secure communications channel on any device with a MicroSD slot.


That may sound like magic, but Project Vault is actually a “security-dedicated computer [in] a MicroSD card with a driver-free interface and encryption and secure communication,” explained development lead Peiter “Mudge” Zatko. He wasn’t kidding about the computer part — Project Vault packs an antenna, 4GB of storage, and an ARM processor on a thumb-sized card. Zatko says modern hardware informed the team’s choice of form factor. “You already have secure elements in your phones and computers, like SIM cards and Trusted Platform Modules for OEMs,” he said. “What about a secure element that protects the things important to you?”

In the abstract, Project Vault accomplishes this all rather simply: plug it into a phone or computer and communications with nearby Vault users — video, audio, photos, and text — are encrypted. That’s accomplished with immutable logging, a record of all attempts by nefarious third parties to access the card, and with a real-time operating system (RTOS) with a wealth of cryptographic tools, including a random number generator and hashing, at its disposal.

Communication worked seamlessly in the on-stage demo. Two smartphones with Project Vault cards were able to send and receive instant messages directly in real time.

ATAP’s producing Vault modules for enterprise right now, but it’s releasing the software under an open source license. “We’re doing this to be fully transparent because we want developers to be able to see how it works, understand it, and trust it,” Zatko explained. The team plans to deploy 500 prototypes internally and release development hardware at some point in the near future.

“It shouldn’t matter how many doors or windows your house has as long as it has a vault in it,” Zatko said.

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…