It is believed that Google is in the process of testing a new system of identification. This one will not need any passwords. This is according to reported leaks to Reddit.
The move is not only just the latest sign that the tech industry is trying to get users away from passwords. It’s also the latest sign that companies still aren’t quite sure how to replace them yet.
While the report has not been confirmed or denied by Google, or by Alphabet, the Android Police website has backed it up, and they claim that they have gotten the scoop straight from Google itself.
We’ve invited a small group of users to help test a new way to sign in to their Google accounts, no password required. ‘Pizza’, ‘password’ and ‘123456’—your days are numbered.
The above was the response from Google after being probed about it by the Android Police. Interestingly, one member of the ‘small group of users’ is Rohit Paul, who is better known as Reddit’s rp1226.
The feature is clearly only just being tested. The idea behind it is that it will work on a notification system. So, instead of entering a password whenever you want to access your account, Google users will be able to receive a notification on their smartphone and sign in through that.
Google is keen to tell people that the system may not need a password, but that it is completely safe. In the instructions that people like Rohit Paul have received, it is made clear that Google will continue to monitor unusual sign ins and ask people for additional confirmation if they feel that some behavior is suspicious.
While only in the testing phase, and it isn’t even clear when the testing phase will properly start, people have already proven to be incredibly critical. The first thing that they point out is that using a notification system will mean that signing in will actually take longer than normal, as a password can very quickly be entered. Additionally, the big issue is that people feel that they are compromising on their security by entering into the notification system. However, Google has made it clear that those who sign up to the new system can also reverse it. This may be necessary if they are somewhere without a network. When reversed, they will simply be asked for their password once again.
While this may be a groundbreaking piece of news, the reality is that Google is actually lagging behind. Many other large online institutions have already started to remove the traditional password. Take, for instance, Yahoo, who offers the so-called key account system.
Yahoo has proposed putting an end to passwords in general, by launching Key Account. As the company explains, this system was borne out of the need to simplify login procedures for users. In fact, with Key Account, it’s now as easy as pushing a button. The service is already available for Yahoo Mail and allows the user to access the account via their smartphone. All they need to do is click on a button in Key Account and they’ll receive a notification on their smartphone.
This is basically exactly what Google is proposing to do. Through Key Account, someone who accesses their Yahoo Mail on their smartphone will receive a notification if they want to use any device to check their mailbox. To be granted access, they simply click ‘yes’ on the notification, which they receive on their smartphone, and access will instantly be granted. This means that there is no more need to remember passwords at all.
And Yahoo is not even the first to come up with a new system. Take, for instance, the two systems used by Microsoft on Windows 10, which use two types of biometry. The first is the Hello recognition system.
Windows Hello is a more personal way to sign in to your Windows 10 devices with just a look or a touch. You’ll get enterprise-grade security without having to type in a password. Surface Pro 4, Surface Book, and most PCs with fingerprint readers are ready to use Windows Hello now, and more devices that can recognize your face and iris are coming soon.
The second recognition system they use is Microsoft Passport, which is used for apps.
Microsoft Passport lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports Fast ID Online (FIDO) authentication. After an initial two-step verification during Microsoft Passport enrollment, a Microsoft Passport is set up on the user’s device and the user sets a gesture, which can be Windows Hello or a PIN. The user provides the gesture to verify identity; Windows then uses Microsoft Passport to authenticate users and help them to access protected resources and services.
All of these efforts are designed to stop people from storing their password somewhere in the effort to remember it, only to find later on that that location has been hacked, meaning they could potentially lose all of their data. At the same time, however, the criticism remains that it is actually very easy to hack through these new systems, because if someone were to lose their phone, the finder could use it to access a variety of systems. At the same time, this is the same criticism that contactless payments faced, as did Apple Pay, yet all these systems are now widely accepted and very few issues have been reported with them. This is mainly because the general consensus now seems to be that people need to be careful with their devices and bank cards and not lose them or leave them lying about. Yet, at the same time, it seems that this expectation does not exist when it comes to passwords.
The proof is in the pudding: a recent piece of research looked into what the most popular passwords of all times are. Worryingly, the three most popular passwords are ‘qwerty’, ‘password’ and ‘123456’, which demonstrates the need for a different system.