Google aims to kill passwords by the end of this year
Google will begin testing an alternative to passwords next month, in a move that could do away with complicated logins for good. The new feature, introduced to developers at the company’s I/O conference, is called the Trust API, and will initially be tested with “several very large financial institutions” in June, according to Google’s Daniel Kaufman.
Kaufman is the head of Google’s Advanced Technology and Projects group, where the Trust API was first created under the codename Project Abacus. Introduced last year, Abacus aims to kill passwords not through one super-secure replacement, but by mixing together multiple weaker indicators into one solid piece of evidence that you are who you say you are.
Among the pieces of evidence that Google suggests the Trust API could use are some obvious biometric indicators, such as your face shape and voice pattern, as well as some less obvious ones: how you move, how you type and how you swipe on the screen.
With the service continually running in the background of the phone, it can keep track of whether those indicators match how it knows you use your phone.
Individually, it would be ludicrous to use any of those methods to secure web services. Even facial recognition, now built in to many Android phones, is significantly less secure than a fingerprint scanner, according to Google’s own metrics. But combining them can, the company suggests, result in something more than 10 times as secure as a fingerprint.
This year, Google showed how Trust API has built on the Project Abacus base. The service will be open to third parties, allowing other organisations to very your identity through the API. Initially, banks will use it to verify customers logging in through Android, but “by the end of the year”, it should be available to every developer.
Crucial to the API is opening up the service’s estimates of security. Rather than giving a binary answer, as a password does, the API can hand over a score to indicate how confident it is that you really are you. If the institution needs more confidence, it can feed back and ask for additional mechanisms: more biometric data, for instance, or an old-style password.
Google isn’t the only organisation working on such a plan. Londonbased Nok Nok Labs has a similar proposal in place, linking information from manufacturers, mobile networks and users together in a web of trust.
Richard Lack, of customer identity management firm Gigya, says approaches like Google’s are likely to pay off. “Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe.
At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.
“Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”
inconceivably large numbers, not to mention some mind-boggling working concepts.
At the moment those concepts are closest to entering reality in an unfashionable suburb in the southwest corner of Trudeau’s homeland.
In a neat, spacious lab in Burnaby, a satellite of Vancouver, I’m looking inside what appears to be a large black fridge about 10 feet high. Within it is an elaborate structure of circuit boards, not unlike the sort of thing a physics class might construct out of Meccano, except with beautifully colourful niobium wafers as the centrepiece. It all looks fairly unremarkable, yet somewhere in here a multiplicity of different universes are thought to exist.
The lab belongs to a small company called D-Wave, a highly skilled collection of just 140 employees that prides itself on building the world’s first functioning quantum computer, which is what is contained within the large fridge-like casing. Actually it is a fridge, the coldest fridge ever assembled. The cooling apparatus enables the niobium computer chip at its core to function at a temperature of just under –273C, or as close to absolute zero as the known universe gets.
The supercooled environment is necessary to maintain coherent quantum activity of superposition and entanglement, the state in which particles begin to interact – again rather mysteriously – codependently, and the qubits are linked by quantum mechanics regardless of their position in space. Any intrusion of heat or light would corrupt the process and thus the effectiveness of the computer.
Exactly how and why quantum physics adheres to these sciencefiction like rules remains an issue of great speculation, but perhaps the most common theory is that the different quantum states exist in separate universes. The D-Wave quantum computer I look at has one thousand qubits.