Skip to main content

Google wants to kill the password, and came up with an ingenius way to do it

google atap plan to kill passwords maxresdefault
Image used with permission by copyright holder
Google’s Advanced Technologies and Projects (ATAP) unveiled a bundle at the group’s I/O keynote this morning, but two of the most interesting presentations dealt with passwords, or “relics,” as division head Regina Dugan called them. “Passwords suck,” she explained, for a variety of reasons. According to ATAP’s data, 70 percent of users forget their passwords, and don’t often do a very good job creating hard-to-crack phrases besides — “Humans are a bad source of entropy,” Dugan said. In an effort to develop more reliable security, ATAP developed Project Abacus, an analytical system based on machine learning, and Project Vault, a cryptographic MicroSD card.

The scale of Project Abacus was so vast that ATAP sought outside help — Dugan said the department recruited 25 researchers from 16 institutions to participate in development. With the added brainpower and the help of hundreds of volunteers, they managed to create a new method of authentication that Dugan said is not only 10 times more secure than the best fingerprint sensor available, but also entirely based in software — it requires no special operating system or hardware.

Project Abacus works, she explained, by continually generating a “trust score” from data the hardware on which it’s running collects — the apps you most frequently use, for example, or your location. To demonstrate, two researchers on stage passed a smartphone running Abacus software back and forth. The front-facing camera collected facial data and algorithms calculated trustworthiness in real time. When the second researcher used an app at a time of day the first researcher typically didn’t, the “score,” represented on a line graph, decreased.

Dugan was coy about workings and prospects of Project Abacus, but stressed the code was simple enough to be packaged in a software update.

Project Vault, on the other hand, is physical. But that doesn’t make it any less impressive. It’s capable of creating a secure communications channel on any device with a MicroSD slot.

google-io-2015-atap0076
Image used with permission by copyright holder

That may sound like magic, but Project Vault actually a “security-dedicated computer [in] a MicroSD card with a driver-free interface and encryption and secure communication,” explained development lead Peiter “Mudge” Zatko. He wasn’t kidding about the computer part — Project Vault packs an antenna, 4GB of storage, and an ARM processor on a thumb-sized card. Zatko says modern hardware informed the team’s choice of form factor. “You already have secure elements in your phones and computers, like SIM cards and Trusted Platform Modules for OEMs,” he said. “What about a secure element that protects the things important to you?”

In abstract, Project Vault accomplishes this all rather simply: plug it into a phone or computer and communications with nearby Vault users — video, audio, photos, and text — are encrypted. That’s accomplished with immutable logging, a record of all attempts by nefarious third parties to access the cars, and with a real-time operating system (RTOS) with a wealth of cryptographic tools, including a random number generator and hashing, at its disposal.

Communication worked seamlessly in the on-stage demo. Two smartphones with Project Vault cards were able to send and receive instant messages directly in real time.

ATAP’s producing Vault modules for enterprise right now, but it’s releasing the software under an open source license. “We’re doing this to be fully transparent because we want developers to be able to see how it works, understand it, and trust it,” Zatko explained. The team plans to deploy 500 prototypes internally and release development hardware at some point in the near future.

“It shouldn’t matter how many doors or windows your house has as long as it has a vault in it,” Zatko said.

Editors' Recommendations

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Google wants to kill your passwords on Android and Chrome with passkeys
Google passkeys on Android

Google is building out passkey support into Android, though you won't be able to use it yet without some tinkering. The search giant shared that it would be making the password-killing feature available for testing today for users on Google Play Services Beta or Chrome Canary, with general availability coming later in the year. Aside from Android and Chrome devices, passkeys also became available earlier with Safari on iOS 16 and macOS Ventura.

Passkeys are essentially intended to be a replacement for passwords. Rather than having to maintain an alphanumeric pattern for a particular site, however, they'll be using the device you most likely have in your hand. By leveraging fingerprint or facial recognition support, or even pins, any operating system that supports passkeys will use your device to create a private key that interfaces with a service's public key. Both keys combined will be your passkey. You can use passkeys alongside passwords, or in lieu of them. They'll be stored on your device's password manager, including Google's own Password Manager and iCloud's KeyChain.

Read more
Google wants you to know Android apps aren’t just for phones anymore
Person holding Samsung Galaxy smartphone showing Google Play Store.

When most people think of the Google Play Store, the first thing that comes to mind is smartphones. However, the spread of the Android ecosystem is far broader than that, and Google is taking steps to increase awareness of this and make it easier for folks to find apps on the Play Store for their smart TVs, watches, and even cars.

In a blog post today, the Google Play team announced three significant changes that should make it easier for Android fans to discover apps for all their devices, right from their phone. This includes recommendations of apps for non-phone devices, a search filter to focus on only games optimized for non-phone devices, and even a remote install feature that will let you deliver those apps to your Android TV, Wear OS watch, or Android Automotive-equipped car.

Read more
Google Drive, Docs, and other apps are getting way better on Android tablets
new workspace updates for android tablets.

Google is bringing the desktop experience for its core Workspace apps to Android tablets, adding some much-needed productivity flair. The changes, which come in the wake of announcements made at I/O earlier this year, are targeted at improving the split-screen multitasking experience after laying down the foundations with Android 12L.

The first and most important change is the ability to drag and drop images from an app running in one window to another app running side by side in a second window. Google says the Chrome browser and Workspace apps like Sheets will support the drag-and-drop trick for Docs and spreadsheet cells, among other services.

Read more