Security Without Passwords?
Google has promised to eliminate the need for passwords by the end of 2016, at its recent developers’ conference called Google I/O. And the company is making measurable progress towards that worthy goal. Will you be password-free by the end of this year? Will an ancient tabulating device play a role in the process? Read on to learn the details... |
Can Google Eliminate Need For Passwords By Year-End?
in June, Google released to developers the “Trust API” that gives developers access to “Abacus,” a software authentication engine that makes password-free Android apps possible. Normally, I would be disappointed by the neglect of desktop PC users (see Is Desktop Software Dying?) but Android smartphones contain hardware that is essential to Abacus’ functioning and the death of passwords on phones.
Abacus makes use of a phone’s camera, microphone, and built-in accelerometer. It recognizes your face, your voice, the rhythm of your movements, and the way you type, combining many biometric measurements into a digital signature that uniquely identifies the authorized user of a phone. It also uses location information provided by your phone’s GPS, another feature not found in desktop PCs.
App developers will use the Trust API to access Abacus, which will be integrated into the Android operating system. Some of the applications already developed using Abacus are pretty impressive.
A demo of Abacus at Google I/O featured several Google employees passing an Android phone between themselves. Abacus was able to identify each rapidly-changing holder of the phone in a split second, granting or denying access to the phone’s features appropriately.
Several “major financial institutions” are testing Abacus-based applications in June, Google reports without naming them or detailing what, exactly, they are testing. Accessing bank accounts securely without having to remember or carry a password is an obvious benefit of Abacus. Paying for an Uber ride or another “sharing economy” service that depends on Android apps is another fertile field for Abacus. Password-less authentication holds great potential for human happiness.
On The Other Hand...
But Abacus also has disturbing implications for privacy. It monitors a phone’s human holder continuously, recording facial expressions, speech and tone of voice, movements, and even any limp or roll in one’s walk. What you type as well as the patterns of your keystrokes gets recorded. An individual’s unique style of written communication is another piece of identity equation. So are the topics that one writes about.
Obviously, the data that Abacus collects could be of great value to hackers. Not only could they use it to impersonate you on another Abacus-enabled phone, they could mine the data to learn where you live, what assets are there, and when you are not at home. An Abacus enslaved to a bad guy is a terrifying vision.
On the other, other hand, I would argue that weak human-managed passwords that can be easily guessed or cracked leave you equally open to fraud or identity theft.
How Abacus will adapt to bona fide changes in your biometric signals is another question. Will it recognize your voice when you have a cold? Will growing a beard thwart facial recognition, leaving you locked out of your phone? An injured finger can change the pattern of your keystrokes; how will that affect Abacus’ recognition of you?
No more passwords? It sounds wonderful and scary at the same time. The tech behind Abacus is impressive. Its actual performance in millions of real-life scenarios remains to be seen.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 20 Jun 2016
For Fun: Buy Bob a Snickers. |
Prev Article: [LAST CALL] For Windows 7 PCs |
The Top Twenty |
Next Article: [MATCH] Your Face Predicts Your Behavior? |
There's more reader feedback... See all 23 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Security Without Passwords? (Posted: 20 Jun 2016)
Source: https://askbobrankin.com/security_without_passwords.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Security Without Passwords?"
(See all 23 comments for this article.)Posted by:
Will
20 Jun 2016
Diane hit what could be a killer app. The medical usage affects could be enormous.
Wow!
Posted by:
Daniel
20 Jun 2016
I find this fascinating. Does this software/avi rest on the device itself? Or is it dependent on a good cell signal?
Diane: There was an episode in Stargate SG1 where this advanced society constantly monitored the health of it's people. It allowed medical help to arrive before someone knew they were sick. This was accomplished by wearing a bracelet. Another purpose for smart watches?
In reading Neil Licht's comments, it sounds like we are further along than I thought. If Neil is right, we're getting closer to Star Trek every day! Beam me up!
Do I get a Snickers for throwing in two different Sci-fi references?
Posted by:
Gary
20 Jun 2016
I find the Google Authenticator app is an excellent way of providing a level of security that is tied to a specific user and their phone. I just wish more security conscious companies would incorporate the app into their online applications.
Posted by:
Mrs. King
20 Jun 2016
Security. Security. Will this be optional? Can it be turned off? Knowing that some hacker (and it will, eventually, be hacked)or dis-honest employee could have access to such, dare I say, 'intimate' information is truly frightening. Does anyone else think that this app may open flood gates that cannot be closed?
Posted by:
Ray
20 Jun 2016
Big Brother is here, but it's not the Government, It's Big Business who is keeping tabs on your every move.
Posted by:
Frank
20 Jun 2016
When I left the nuclear electric power plant field 20 years ago, we were using a hand scanner for access authorizaton. I see some problems with this new use of biometrics. Suppose I am injured and I have the only cell phone available. No one else can use my phone. Biometrics for gun control has some of the same problems. Suppose I see a police officer down. I can't grab his weapon and take out the shooter. Extreme situations, yes.
Posted by:
Bob K
20 Jun 2016
But I don't want my phone tied to just my use. I want to be able to give it's PIN number, or password, to someone else I trust. If no other reason if something happens to me where I am not able to use it.
Posted by:
Monte
20 Jun 2016
Hey Frank! Where's YOUR weapon to take out the shooter a lot sooner?
As to passwordless technology, we've been heading this way for a long time. Passwords are notoriously problematic, especially for the user creating and trying to remember them! Biometrics can surely be mimicked, and therefore proven just as useless as passwords, just not as easily.
I agree with Frank in that an API which is dependent upon one set of biometrics, which does not account for injury, sudden medical condition, or even the changes in a person during, say, a hostage situation, a fire, an explosion, etc. etc. etc. is very problematic. Shoot, waking up "on the wrong side of the bed" attitude really messes with a person's biometrics.
This is one tech show I'm really going to enjoy watching, especially when Bob keeps us so well informed about it. Thank you, Bob!!
Posted by:
Ken Mitchell
20 Jun 2016
This worries me....
"It recognizes your face, your voice, the rhythm of your movements, and the way you type, combining many biometric measurements into a digital signature that uniquely identifies the authorized user of a phone."
So does that mean that if I'm injured in a car accident and there's blood on my face and my voice is trembling and high-pitched by stress, that my PHONE isn't going to work? The voice recognition software in my car specifically recommends against using voice dialing when you're under stress, BECAUSE your voice will be different enough to be unrecognized, and that's WITHOUT the requirement that it be specifically recognized as MY voice - like a biometric ID would.
Eyes; does that mean that if I have a black eye or my eyes are bleeding that I can't call for help?
This doesn't offer much security; a good mimic could duplicate the way I tap or type, and if I'm injured I might not be able to do it myself.
Posted by:
DARCETHA MANNING
20 Jun 2016
Bob, you made some valid points, when you stated how would Abacus adapt, to bona-fide changes in your biometric signals, such as having a cold, growing a beard,or having an injured finger. Also, what about people who have a twin, or someone who sounds like you, or has similar features?
Although not having to remember passwords would make life easier, in my opinion, passwords are still safer than biometrics.
Posted by:
David Quinn
20 Jun 2016
Good artical
Posted by:
noseitall
20 Jun 2016
Google is more than happy to devour your entire information stash. It then becomes theirs, to do with as they please.
Posted by:
Erny Mills
20 Jun 2016
Scietists and teckies often think everything can be solved by science & technology! Not in this world!
I went back to a password when I cut my finger and the laptop didn't recognize the "backup finger"!
Posted by:
Lyle Liesner
20 Jun 2016
I don't know about you, but I have so little faith in google, I stay as far away from it as I can get.
Posted by:
Jay R
21 Jun 2016
After reading thru the comments, this thot came to me. What about the person with Parkinson's. The tremor will certainly vary with many things, including the medications. A good case of laryngitis could leave you with no alternative but finding a pay phone. Or have these vanished like the dodo? I pretty much have quit watching creature features. Some of Bob's stuff is very alarming. As is the 10:00 news. BTW, My iDrive came today. I have backed up into the cloud. (I hope it doesn't rain.)
Posted by:
Denis
21 Jun 2016
I would think that the biometrics would be bypassed to allow emergency calls anyone from the phone. Enter 911 or whatever the emergency number is in your particular country and the phone an be used for that number only without going through the phones security system.
Posted by:
pmwill
21 Jun 2016
Reminds me of the series called persons of interest.
Great show and all too real in the direction that people in high places are willing to go. AI is either here or just around the corner. Are you ready for total enslavement?
Posted by:
Joseph
21 Jun 2016
Ray: Big business was already in charge in the 1980s series "Max Headroom". Anybody remember him/it?
Posted by:
RandiO
21 Jun 2016
Be careful what you ask for...
Strong and maintained passwords have never been rocket science!
"On the other, other hand", the argument about apples/oranges equally apply to freedom/safety.
What of those %$#@ passwords to log-in to websites? Or did we get rid 'them' passwords too?
And would that now mean that some of my [your?] google-trusted biometrics data will be shared with whomever?
Posted by:
Susan L Francois
06 Jul 2016
Remember when window's security was beefed up and so if you changed too much of your computer's hw all at once you'd be locked out of your own machine? Wondering what they'll do so that folks who have an extreme life-changing situation like an accident or stroke can do to access their phone? And will this failsafe be a backdoor be the hacker?