Google wants to do away with traditional passwords on Android and replace them with “trust scores”.
The company outlined how it is planning to make the transition away from passwords on its mobile platform by 2017 during its I/O conference last week. By using a variety of different metrics, Google’s Trust API technology would be able to replace traditional passwords and pins used to unlock its smartphones.Typing speed, vocal inflections, facial recognition and how close a user’s device is to familiar Wi-Fi hotspots and Bluetooth devices are some of the metrics that the new system will use to determine if the user accessing the device is indeed its owner.
Google will allow access to games and basic tools even if a low trust score is detected. This would allow other users to access the core functionality of a device without delving into more private sensitive data. A device could then be used in what is essentially guest mode without the need to switch from its primary account. Apps that are more sensitive such as email and online banking apps would require correct Wi-Fi and Bluetooth data along with a high score to open.
While it will be easier for other users to access a phone, Google’s new trust score system could lead to possible privilege exploitation attacks. However if a user sets a passcode and then forgets it, they will be locked out and unable to access their own data. So essentially Google has made a trade-off between security and convenience with its trust score system. This is quite different from how Android currently operates as it lets a user access every app on a device once it has been unlocked.
Richard Lack, director of Sales EMEA at identity management firm Gigya, is in support of Google’s new initiative: The future lies in methods of authentication without passwords, which consumers clearly favor both in terms of convenience and enhanced security.
“Biometric authentication is a powerful enabler allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine”.