Passwords, We Don’t Need No Stinkin’ Passwords!
At the Google I/O developer conference in May 2016, Google announced availability of Project Abacus software by year end 2016 if testing proceeds as expected. Project Abacus is a unique concept originally announced at the same conference in 2015.
The goal is the elimination of passwords for users of Android devices and apps. Passwords will be replaced by a series of attributes like the way you walk, talk, type, facial recognition, physical location, etc. that the Android operating system observes and records to continuously create a trust score. The trust score will be used to authenticate users on Android enabled devices. The objective is to move the burden of the password from the user to the device.
Google partnered with several universities and industry experts to improve upon the passwords and move beyond the typical four digit pin password. With the help of the university personnel and the industry experts, the folks from Google developed a system 10X more secure than the current bio-metric fingerprint solution.
Today, the most secure logins use a method known as two-factor authentication that requires a user to provide a user name and password when logging into, for example, an investment firms application. Two factor authentication moves the traditional process one step beyond user name and password by requiring that the user also input a code that is sent to the users device, typically mobile phone, to ensure an enhanced level of security.
Google has already implemented a baby-step version of Project Abacus for users of Android devices with operating system 5.0 or higher called Smart Lock. Smart-Lock enables users to automatically unlock their device when they are in a trusted location, connect with a trusted Bluetooth device, or it recognizes a users face. Smart-Lock for Passwords saves passwords for websites and apps and auto-fills them when a user returns.
Project Abacus enabled devices may enable apps and websites to define a plethora of trust score requirements for users. For example, users may access the main area of an insurance company members site based on their device trust score. However, to proceed beyond the main page they are required to revert back to two-factor authentication if their score falls below a required threshold.
In June 2016, several large financial institutions are scheduled to begin rigorously testing the Google Trust API. Once testing is complete in Fall / Winter 2016, Android developers will immediately integrate the functionality into their apps providing them with a competitive advantage when compared to the fingerprint system, TouchID, used on Apple IOS devices. Stay tuned for the ongoing tech giant battle in developing methods to secure devices and apps.
Randall Smith – StratoSTACK Product Manager
Illustrations and Copy Edit: Jaime Baldwin- StratoSTACK Digital Media Specialist