PDA

View Full Version : Google’s testing a system that replaces your password with your phone



Wireless News
12-22-2015, 05:20 PM
http://l2.yimg.com/bt/api/res/1.2/DKcBRqDYLJIZ970iVXCkpg--/YXBwaWQ9eW5ld3NfbGVnbztmaT1maWxsO2g9ODY7cT03NTt3PT EzMA--/http://media.zenfs.com/en-US/homerun/digital_trends_973/6348a2e3e23fc9397e99ef716602620d (http://news.yahoo.com/google-testing-system-replaces-password-203206700.html)A fair argument could be made that passwords are-more of a hassle than they’re worth. They’re a pain to juggle, recall, and enter, and in most cases-aren’t even secure enough to protect from the most common forms of malicious cracking —-according to a survey by cybersecurity firm TeleSign, 21 percent of people use passwords-that are 10 years old and 73 percent use-duplicated passwords. That’s why companies from Twitter to Microsoft, with the approval of the White House, have launched ambitious plans to “kill the password” in recent years, and one reason-why Google’s eschewing passwords entirely:-according to a Reddit user, the Internet monolith is testing a password-free login system-that relies on a-smartphone for authentication. In a thread on Reddit, rp1225 reported receiving-an e-mail invitation to test a new Google login method: smartphone-based sign in. Instead of relying on a pass phrase or two-factor authentication to secure your account, the new system leverages your smartphone’s location data and security settings. Here’s how it appears to-work: after formally-enrolling in the program, accepting an invitation for a private Google Group, selecting a compatible phone, and enabling a form of screen lock on said phone, logging in to your Google account would no longer require a password. Instead, a prompt would appear on your smartphone when you-sign in on the Web. Related:- This wallet-sized cypher card lets you generate endless secure passwords that you can actually remember The program’s very much a work in progress, an FAQ included in the invitation notes. Depending on the circumstances, enrolled users “may be asked to complete an extra step or two,” and password-based login isn’t disabled entirely; you can still use your old-pass code in case your phone’s dead, lost, or missing. There’s a mechanism for enrolling a new phone, too (although the criteria for “compatible” phones isn’t exactly clear), and a way to opt-out of the new login system altogether. The new system’s the latest of Google’s attempts to reduce reliance on passwords.-In Android 5.1, the firm introduced On-Body detection, a system that measures your smartphone’s sensors to automatically bypass the lockscreen in certain scenarios. It joined the FIDO Alliance to develop password-free standards. And in 2013, Google’s security team experimented with a Yubico cryptographic card that, when slid into a USB reader, could-automatically log into an associated Google account. And-Google has some even wackier ideas. In a paper published in the engineering journal- IEEE Security & Privacy Magazine , Eric Grosse, Google’s vice president of security, and engineer Mayank Upadhyay envision-a “smartphone” or “smartcard-embedded ring finger” that can authorize-a computer via nothing more than a tap. That may not come to pass, but if there’s one thing that’s certain, it’s that the password is doomed.-Might as well give your current crop of pass codes (“password12345,” anyone?) an early retirement.



More... (http://news.yahoo.com/google-testing-system-replaces-password-203206700.html)