Google has been busy thinking outside the box in the field of mobile security as of late. It was recently discovered, thanks to Reddit user Rohit Paul, that the company is now testing a new option that lets users log into their account without a password.
When questioned, a Google Spokesperson confirmed that Google has enlisted a small group of users to help test this new way of logging into their accounts. The group is currently providing feedback on this new password-less method which is available for Android and iOS.
How it Works
Users would ideally be able to log onto their accounts using only a mobile phone without having to type in a password. When a user authorizes their mobile device, they will be able to input their account credentials on any computer and receive a notification on their smartphone. The device must have a screen lock and users will still be able to log in with their regular password if they wish. There are also features to help deactivate a lost device and activate an upgraded one.
Google was clearly tired of enforcing security with all the bad password combinations that are used. Perhaps Google will no longer have to release videos with best practices on password creation.
Is this Method Safe?
Yes it is. In fact, Google says that password-less logins are a measure to prevent hacking because this new method could be used as a tool against those who rely on passwords to conduct phishing operations. Google itself believes that its password security questions are not safe enough and even released a study in May 2015 that verifies this.
Many big sites and services nowadays offer a two-factor authentication, which is an added layer of protection that often works by making you enter a code that's delivered to your phone via text messages or an app. Google's new test seems to be a lot like just taking the password part out of this common two-factor equation - and it appears to be very similar to a system Yahoo launched for its mail app users earlier this year.
The system is pretty straightforward.
Unfortunately with this new method from Google, if someone is able to access your phone while it's unlocked, they could log into your account.
The initiative to go password-less is not entirely recent. Dating as far back as 2013, Google, Yahoo and other companies were already searching for ways to make password-less logins a reality. Biometrics, the use of physical characteristics like the iris or fingerprints to access accounts, are not a feasible option -- even though they are already being used with new iPhones around the world-- because physical features are mostly permanent and cannot be changed in the event that their impression is recorded by a hacker.
Although it is exciting to know that efforts to eliminate some of the most annoying security measures out there are being made, it’s also clear that we are still not sure what the best way to go about eliminating passwords.
Even though we may continue managing our list of a dozen or so passwords for a while, if you weren’t invited to test out Google’s newest experiment, Lolay recommends using Google’s password manager to create and store secure passwords across all your devices.
Lolay is excited to see the opportunities for improved security features that may come out of Google's endeavors. In the meantime, contact us online today with any comments you may have or call (888) 806-6033 if you need consultation on the security features of your project, no strings attached.
Also don’t forget to subscribe to our monthly newsletter for more free and useful updates on all on things mobile.