Google wants you to stop using passwords. Why?
Simply using a password isn’t considered very secure anymore. Made obvious by the fact that companies are getting hacked left and right with mass amounts of passwords exposed. Not to mention many people just aren’t using secure passwords in the first place.
Another option is two-factor authentication, and it’s a good step-up. It requires something you know (your password) and something you have, like your phone or email. When you login with your password, you are sent a code via text or email. You then enter that code to complete the login. Although this is very secure, it’s also quite a hassle and takes more of your valuable time.
Enter Google’s Trust Api. The Trust API is always running the background. It monitors how you use your device. Such as typing behavior, vocal inflections, facial recognition, and location. It then assigns a score base on how sure its you using the device. Apps can then use this score to log you directly, without the need for a password. Depending on the app it may require a better score to login. For example a banking app would require a very high score, where as a game would be fine with a lower score. If the app doesn’t like the current trust score rating it may ask for your password just to be sure.
“Why couldn’t it just know who I was, so I don’t need a password? It should just be able to work.”
– Daniel Kaufman head of Google’s ATAP team.
This is a great solution because it can be more secure than a password, but also much easier. So long as it’s you using the phone everything will just work. If you lose your phone and someone else tries to use it everything will automatically lock because its knows its not you.
The Trust Api will be available to developers to start integrating into their apps by the end of this year, assuming testing goes well. That means by next year apps could be using this and you may never have to enter a password again.