Google aims to kill pass­words by the end of this year


Google will be­gin test­ing an al­ter­na­tive to pass­words next month, in a move that could do away with com­pli­cated lo­gins for good. The new fea­ture, in­tro­duced to de­vel­op­ers at the com­pany’s I/O con­fer­ence, is called the Trust API, and will ini­tially be tested with “sev­eral very large fi­nan­cial in­sti­tu­tions” in June, ac­cord­ing to Google’s Daniel Kauf­man.

Kauf­man is the head of Google’s Ad­vanced Tech­nol­ogy and Projects group, where the Trust API was first cre­ated un­der the co­de­name Project Aba­cus. In­tro­duced last year, Aba­cus aims to kill pass­words not through one su­per-se­cure re­place­ment, but by mix­ing to­gether mul­ti­ple weaker in­di­ca­tors into one solid piece of ev­i­dence that you are who you say you are.

Among the pieces of ev­i­dence that Google sug­gests the Trust API could use are some ob­vi­ous bio­met­ric in­di­ca­tors, such as your face shape and voice pat­tern, as well as some less ob­vi­ous ones: how you move, how you type and how you swipe on the screen.

With the ser­vice con­tin­u­ally run­ning in the back­ground of the phone, it can keep track of whether those in­di­ca­tors match how it knows you use your phone.

In­di­vid­u­ally, it would be lu­di­crous to use any of those meth­ods to se­cure web ser­vices. Even fa­cial recog­ni­tion, now built in to many An­droid phones, is sig­nif­i­cantly less se­cure than a fin­ger­print scan­ner, ac­cord­ing to Google’s own met­rics. But com­bin­ing them can, the com­pany sug­gests, re­sult in some­thing more than 10 times as se­cure as a fin­ger­print.

This year, Google showed how Trust API has built on the Project Aba­cus base. The ser­vice will be open to third par­ties, al­low­ing other or­gan­i­sa­tions to very your iden­tity through the API. Ini­tially, banks will use it to ver­ify cus­tomers log­ging in through An­droid, but “by the end of the year”, it should be avail­able to ev­ery de­vel­oper.

Cru­cial to the API is open­ing up the ser­vice’s es­ti­mates of se­cu­rity. Rather than giv­ing a bi­nary an­swer, as a pass­word does, the API can hand over a score to in­di­cate how con­fi­dent it is that you re­ally are you. If the in­sti­tu­tion needs more con­fi­dence, it can feed back and ask for ad­di­tional mech­a­nisms: more bio­met­ric data, for in­stance, or an old-style pass­word.

Google isn’t the only or­gan­i­sa­tion work­ing on such a plan. Lon­don­based Nok Nok Labs has a sim­i­lar pro­posal in place, link­ing in­for­ma­tion from man­u­fac­tur­ers, mobile net­works and users to­gether in a web of trust.

Richard Lack, of customer iden­tity man­age­ment firm Gi­gya, says ap­proaches like Google’s are likely to pay off. “Con­sumers tell us that they are strug­gling to re­mem­ber what is now an av­er­age of over 100 pass­words in Europe.

At a time when the num­ber of de­vices we own is ris­ing sharply, this frus­tra­tion has rel­e­gated the reg­is­tra­tion process to be­ing the most bro­ken thing about the in­ter­net. The fu­ture lies in meth­ods of au­then­ti­ca­tion with­out pass­words, which con­sumers clearly favour, both in terms of con­ve­nience and en­hanced se­cu­rity.

“Bio­met­ric au­then­ti­ca­tion is a pow­er­ful en­abler, al­low­ing busi­nesses smart enough to de­ploy it to sig­nif­i­cantly in­crease rates of reg­is­tra­tion, gain­ing data and in­sight about their cus­tomers, while also in­creas­ing customer se­cu­rity. This is a win/win sce­nario which sounds the death-knell for awk­ward and in­se­cure pass­words sooner than we may imag­ine.”

in­con­ceiv­ably large num­bers, not to men­tion some mind-bog­gling work­ing con­cepts.

At the mo­ment those con­cepts are clos­est to en­ter­ing re­al­ity in an un­fash­ion­able sub­urb in the south­west cor­ner of Trudeau’s home­land.

In a neat, spa­cious lab in Burn­aby, a satel­lite of Van­cou­ver, I’m look­ing in­side what ap­pears to be a large black fridge about 10 feet high. Within it is an elab­o­rate struc­ture of cir­cuit boards, not un­like the sort of thing a physics class might con­struct out of Mec­cano, ex­cept with beau­ti­fully colour­ful nio­bium wafers as the cen­tre­piece. It all looks fairly un­re­mark­able, yet some­where in here a mul­ti­plic­ity of dif­fer­ent uni­verses are thought to ex­ist.

The lab be­longs to a small com­pany called D-Wave, a highly skilled col­lec­tion of just 140 em­ploy­ees that prides it­self on build­ing the world’s first func­tion­ing quan­tum com­puter, which is what is con­tained within the large fridge-like cas­ing. Ac­tu­ally it is a fridge, the cold­est fridge ever as­sem­bled. The cool­ing ap­pa­ra­tus en­ables the nio­bium com­puter chip at its core to func­tion at a tem­per­a­ture of just un­der –273C, or as close to ab­so­lute zero as the known uni­verse gets.

The su­per­cooled en­vi­ron­ment is nec­es­sary to main­tain co­her­ent quan­tum ac­tiv­ity of su­per­po­si­tion and en­tan­gle­ment, the state in which par­ti­cles be­gin to in­ter­act – again rather mys­te­ri­ously – code­pen­dently, and the qubits are linked by quan­tum me­chan­ics re­gard­less of their po­si­tion in space. Any in­tru­sion of heat or light would cor­rupt the process and thus the ef­fec­tive­ness of the com­puter.

Ex­actly how and why quan­tum physics ad­heres to these sci­encefic­tion like rules re­mains an is­sue of great spec­u­la­tion, but per­haps the most com­mon the­ory is that the dif­fer­ent quan­tum states ex­ist in sep­a­rate uni­verses. The D-Wave quan­tum com­puter I look at has one thou­sand qubits.

Newspapers in English

Newspapers from Tanzania

© PressReader. All rights reserved.