How Google declared open war against passwords at I/O

Google hasn't been shy in the past about its desire to kill the password, and at Google I/O, the company started throwing punches.

The next version of Android will include several ways to unlock a smartphone without having to enter a PIN or lockscreen pattern, a feature dubbed "personal unlocking." If the user is wearing an Android Wear smartwatch, the phone will unlock automatically, and you'll be able to set up trusted locations, such as home or work, where a PIN isn't required, or use a voiceprint to unlock the phone. The capabilities carry over to Chrome OS; Chromebook users will be able to automatically authenticate themselves via a paired Android phone, unlocking the laptop and logging into your Google account without ever having to bother with a single password.

Chromecast, meanwhile, is getting its own password-skipping trick: When you have guests over, they'll be able to cast videos to the television without being on your Wi-Fi network. Google said it sends an ultrasonic code to the phone to figure out when the user is in the same room as the Chromecast, and it'll fall back on a PIN when it can't pinpoint the user's location.

None of these approaches are going to obviate the password outright. They're merely supplements, aimed at keeping you from entering the same string of letters and numbers over and over. The idea is if you can unlock your phone with little effort, you might actually take the extra step of adding a PIN in the first place—a hugely beneficial security practice.

Still, it's easy to see how the added layer of security could spread to other apps and services. Apple is already moving in this direction with TouchID, the fingerprint sensor that's built into the iPhone 5S. Currently, TouchID can only unlock the iPhone and authorize iTunes purchases, but in iOS 8, Apple is opening up the sensor to third-party apps. This will allow users to add an extra layer of security to sensitive apps without requiring a password every time

In the future, Google could offer similar security features in Android apps through Bluetooth pairing or location-based authentication. A paired smartwatch or smartphone could also potentially serve as the second step in two-factor authentication, providing extra security when logging into a new device without the hassle of verification codes—in fact, some enterprise notebooks already support Bluetooth phone pairing as a secondary authentication method. With this added security layer in place for your Google account, Google+ sign-in could even act as a master key for other apps and services. At that point, remembering dozens of passwords starts to become obsolete.

The new sign-in methods Google announced at I/O are just a first step—one that's less extreme than the tattoos and authentication pills that researchers have been dreaming up. But if users end up embracing wearable technology, it could be the start of a full-blown assault on passwords and PINs.

This story, "How Google declared open war against passwords at I/O" was originally published by PCWorld .

Join the discussion
Be the first to comment on this article. Our Commenting Policies