Security Without Passwords?
Google has promised to eliminate the need for passwords by the end of 2016, at its recent developers’ conference called Google I/O. And the company is making measurable progress towards that worthy goal. Will you be password-free by the end of this year? Will an ancient tabulating device play a role in the process? Read on to learn the details...
Can Google Eliminate Need For Passwords By Year-End?
in June, Google released to developers the “Trust API” that gives developers access to “Abacus,” a software authentication engine that makes password-free Android apps possible. Normally, I would be disappointed by the neglect of desktop PC users (see Is Desktop Software Dying?) but Android smartphones contain hardware that is essential to Abacus’ functioning and the death of passwords on phones.
Abacus makes use of a phone’s camera, microphone, and built-in accelerometer. It recognizes your face, your voice, the rhythm of your movements, and the way you type, combining many biometric measurements into a digital signature that uniquely identifies the authorized user of a phone. It also uses location information provided by your phone’s GPS, another feature not found in desktop PCs.
App developers will use the Trust API to access Abacus, which will be integrated into the Android operating system. Some of the applications already developed using Abacus are pretty impressive.
A demo of Abacus at Google I/O featured several Google employees passing an Android phone between themselves. Abacus was able to identify each rapidly-changing holder of the phone in a split second, granting or denying access to the phone’s features appropriately.
Several “major financial institutions” are testing Abacus-based applications in June, Google reports without naming them or detailing what, exactly, they are testing. Accessing bank accounts securely without having to remember or carry a password is an obvious benefit of Abacus. Paying for an Uber ride or another “sharing economy” service that depends on Android apps is another fertile field for Abacus. Password-less authentication holds great potential for human happiness.
On The Other Hand...
But Abacus also has disturbing implications for privacy. It monitors a phone’s human holder continuously, recording facial expressions, speech and tone of voice, movements, and even any limp or roll in one’s walk. What you type as well as the patterns of your keystrokes gets recorded. An individual’s unique style of written communication is another piece of identity equation. So are the topics that one writes about.
Obviously, the data that Abacus collects could be of great value to hackers. Not only could they use it to impersonate you on another Abacus-enabled phone, they could mine the data to learn where you live, what assets are there, and when you are not at home. An Abacus enslaved to a bad guy is a terrifying vision.
On the other, other hand, I would argue that weak human-managed passwords that can be easily guessed or cracked leave you equally open to fraud or identity theft.
How Abacus will adapt to bona fide changes in your biometric signals is another question. Will it recognize your voice when you have a cold? Will growing a beard thwart facial recognition, leaving you locked out of your phone? An injured finger can change the pattern of your keystrokes; how will that affect Abacus’ recognition of you?
No more passwords? It sounds wonderful and scary at the same time. The tech behind Abacus is impressive. Its actual performance in millions of real-life scenarios remains to be seen.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 20 Jun 2016
|For Fun: Buy Bob a Snickers.|
[LAST CALL] For Windows 7 PCs
The Top Twenty
[MATCH] Your Face Predicts Your Behavior?
There's more reader feedback... See all 23 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Security Without Passwords? (Posted: 20 Jun 2016)
Copyright © 2005 - Bob Rankin - All Rights Reserved