Google has announced plans that will help kill off the need for passwords on Android mobile devices. During his Friday talk at Google I/O, an annual software developer conference, Daniel Kaufman of the tech giant's Advanced Technology and Projects (ATAP) division revealed the upcoming roll-out of Trust API. Instead of relying on passwords, Trust API will use biometrics like facial recognition as well as the way a user types, swipes, and even walks to evaluate user behavior, reports MIT's Technology Review. Each of those metrics will help build a "trust score." If that score remains above a certain threshold, the user will remain authenticated. If not, they will need to provide more information to re-authenticate themselves. Kaufman explained that Trust API will run in the background and use an Android device's sensors to constantly monitor a user's behavior. As quoted by Mashable:
"We have a phone and these phones have all these sensors in them, why couldn’t it just know who I was so I don’t need a password, I should just be able to work."
Some industry experts are excited about Trust API, just one element of Google's "Project Abacus" initiative.
For example, Richard Lack of customer identity management firm Gigya told The Guardian that approaches like Google’s will pay off:
"Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe. At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security. Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”
Even so, privacy advocates are likely to resent Google's use of mobile sensors to continuously track their habits. Kaufman said the tech giant plans to test Trust API with "several very large financial institutions" in June, with the intention of making the tool available to every Android developer by the end of the year. In the meantime, users who are concerned about their password security should consider using a password manager.