Google to kill passwords on Android, replace 'em with 'trust scores'

Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …


  1. jb99

    Question

    How did it get to April 1st so quickly. I assume this is a wind-up?

    1. BasicChimpTheory

      Re: Question

      I can only upvote once so: +one bajillionty.

    2. Magnus Ramage

      Re: Question

      Had the same thought and I genuinely had to check the date when I read this.

  2. Lord Schwindratzheim
    Big Brother

    Sooo...

    "Factors such as typing speed, vocal inflexions, facial recognition and proximity to familiar Bluetooth devices and Wi-Fi hotspots would be used to calculate the score"

    So, for this to work, some or all of these factors have to be enabled. Naturally the increasing data slurp is just a coincidence...

    1. NotBob

      Re: Sooo...

      Still wondering how that will work since I generally don't use bluetooth, have the camera off or obscured (or broken, but that was an accident), and often turn the wifi off when not using it. The GPS isn't on either, and I don't type that much that often to allow for sampling that.

      Perhaps my phone will decide I don't exist.

      1. Anonymous Coward

        Re: Sooo...

        I'm sure there will be a stone-age mode for people like you.

        1. Phil O'Sophical Silver badge

          Re: Sooo...

          I'm sure there will be a stone-age mode for people like you.

          What's stone-age about saving battery power for calls, and not wasting it on wifi when I'm nowhere near a wifi access point, or GPS when I know perfectly well where I am?

          1. anonymous boring coward Silver badge

            Re: Sooo...

            Don't you know?

            It's stone age to do any kind of management of "your own" (you paid for it, but that's about it) device on your own.

            You are supposed to leave it all to someone else.

            You are just a serf. A poor User. A tool for someone else.

        2. This post has been deleted by its author

        3. not.known@this.address

          Re: Sooo...

          Not everybody sees Technology as a god to be worshipped at every opportunity. Technology is an enabler, not the result.

          You do know there is a real world beyond the edge of your screen, yes? Maybe 'Golden Age' rather than Stone Age - the Golden Age where people actually spoke to other real, live people and not just tapped a keypad in some filthy little bedsit somewhere (see, I can generalise and be rude too. But I'm not hiding behind the Anonymous Coward shield...).

          Given the choice between the chance that some scumbag might bother trying to crack my password or allowing Google to force me to tell them where I am and what I'm doing all the time, I will stick with the password every gorram time.

      2. Zilla

        Re: Sooo...

        Then obviously it will fall back until it can authenticate you. If that means asking you for a password then I imagine it will.

        1. Dan 55 Silver badge
          Meh

          Re: Sooo...

          Then you (or anyone) can swipe down and turn off wifi/bluetooth/location and get a password prompt.

          Oh dear, you (or anyone) forgot the password. Now it's asking what your favourite colour is.

      3. Anonymous Coward
        Joke

        Perhaps my phone will decide I don't exist.

        Then Google autonomous car won't avoid you.

      4. BasicChimpTheory

        Re: Sooo...

        @Not Bob

        Nailed it.

        Currently looking at "feature" phones/developing a deep understanding of AOSP* so that I can deliberately facilitate your last sentence for myself. It does merit consideration if this is a good idea in the long run however (data-boot proximity to facial regions being eternal and all...)

        *that make file is pretty intimidating for a nOOb.

      5. Warm Braw

        Re: Sooo...

        >Perhaps my phone will decide I don't exist

        Even if it admits to your existence, what precisely is the point of a mobile device that checks you're in a familiar location? I have proper computers in the places I find myself most frequently: Android is for the random places the Cat 5 doesn't stretch.

      6. energystar
        IT Angle

        Re: Sooo...

        "...I generally don't use bluetooth..."

        You? Or your phone? Come on!

      7. Inventor of the Marmite Laser Silver badge

        Re: Sooo...

        Wot Not Bob said +several bajillion

    2. Dabooka

      Re: Sooo...

      @Lord Schwindratzheim

      Funnily enough, that was my immediate thought too; I don't want to have Bluetooth and wireless on all of the time. Even my location services is set to off, why do I want to turn that lot on to use an app?

      1. Bakana

        Re: Sooo...

        Add me to that list.

        I keep my phone in Ultra power saving mode 98% of the time because, Hey, it's a Phone and that's what it works as in that mode.

        The only time I take it Out of that mode is when I'm using it as a Music player in my car.

        And all That music is on the MicroSD Chip inside the phone.

        I'd add the Music player to the apps that are allowed to be On in power saving mode, but there doesn't appear to be any way to do that. It's one of the apps that Google has decided, in their "Wisdom" needs internet Access even though I never download music to the phone from the internet. I purchased the CDs instead.

      2. BongoJoe

        Re: Sooo...

        I am still living in my motorhome, travelling around the UK.

        The wifi hotspots vary wildly day to day. And depending which dongle I have running at any one time due to monthly data limits, all of the wifi I see today may be utterly different to what I see tomorrow.

        This won't work here for sure.

    3. Dan 55 Silver badge

      Re: Sooo...

      Would this need Google to come round and fit some plumbing at the bank's end?

      Luckily this nonsense won't affect my banking apps because I don't use 'em either. Mobile website using browser is more secure, mainly because banking apps don't know how to check TLS certificates.

    4. Anonymous Coward

      Re: Sooo...

      Exactly my thoughts.

      "We see you are not using your mobile Banking App for YXZ Bank. Perhaps a new account at ABC Bank would be of interest to you?"

      Personally, what apps/web-pages I access etc I run on MY device is of no business to the likes of Google.

      IMHO this is just to get even more interesting facts on their userbase so that they can monetize it (and you for that matter).

  3. TeeCee Gold badge

    To paraphrase:

    Biometric authentication.....blah blah data mining....blah blah advertising.......blah blah monitoring...............oh............yes.............wait.............it does some security stuff too.

    Nice to see my rather jaundiced opinion of Google's real priorities reinforced.

  4. Peter 26

    The end of passwords?

    Before you all go mad, just remember, if you're bothered I am sure there will be a way to use higher security.

    I don't really see how this gets rid of passwords though? Surely it is just a better lock screen.

    I think it's a good idea, currently I have my phone unlocked longer than I really should security wise. I have Google Authenticator on it and Android Pay which I really wouldn't want anyone using for nefarious reasons. So it's slightly better than no security.

    1. m0rt

      Re: The end of passwords?

      "Before you all go mad, just remember, if you're bothered I am sure there will be a way to use higher security."

      Stop using android would be a start.

      Though I can't think of any replacements right now, since BBOS is no longer being developed.

    2. tony72

      Re: The end of passwords?

      @ Peter 26

      Before you all go mad, [...]

      Too late, the predictable knee-jerk ranting has begun.

      Personally, if my phone can reliably determine that I'm me without me having to faff about entering passwords, I'm all for it. Whether the technology ends up being up to snuff is another matter, but I'll hold fire until I know more about how and how well it actually works (crazy, huh).

      1. DuncanL

        Re: The end of passwords?

        @tony72

        Don't go bringing sense and reason to internet comment forums, you loon!

      2. Zilla
        FAIL

        Re: The end of passwords?

        I used to find the comments on The Register to be highly entertaining and or insightful.

        Seems to have regressed to a state of mostly unintelligible criticisms of technological progress.

        But but what If I don't have bluetooth? What if I'm in a foreign country? What if I lose my thumb and can't use my thumbprint scanner? What if I have a face transplant and it doesn't recognise me? What if I want to set a password?

        I wouldn't even mind but it's almost always said by people who massively overestimate their own knowledge and experience. Presumably earned from years supporting users.

        1. Notas Badoff

          Re: The end of passwords?

          "I wouldn't even mind but it's almost always said by people who massively overestimate their own knowledge and experience. Presumably earned from years supporting users."

          @Zilla ! Oh thank you. That is the perfect description of a lot of people. And not necessarily from the tech sphere. After interacting with a few dozen 'normal' people in a day, most everyone comes away with undeservingly inflated egos.

        2. Anonymous Coward

          Re: The end of passwords?

          @Zilla - that depends on your definition of progress, now, doesn't it? If your definition of progress is every last little new thing that Google flings at you, then yes, I'm amongst the cave-dwellers, as I prefer to use my critical faculties to decide whether what companies want me to use is up to scratch or not.

          If, however, your definition of progress is the introduction of new technologies that are likely to work well and make life better, then I'm not a cave-dweller - but I will say no to stuff that's thrown our way that has clear drawbacks and possible dire consequences if/when it fails.

          For me though, the point of failure is Android itself. No, actually, cancel that; it's the modern 'smartphone', but Android just appears to be the worst (due to insecurity) of the OS's on offer.

          Personally, I've no intention of paying desktop PC prices for something insecure which I've little control over that's sold filled with crapware I've no interest in, and which can't be removed. Hence no smartphones for me. A dumb phone plus a Psion II would suit my needs far better than any current smartphone (and would probably be cheaper too, if they still made P-II's).

        3. not.known@this.address

          Re: The end of passwords?

          I have no issue with technological progress where it improves my life and is not intended solely to allow Google or any other money-grabbing bunch of snooping businessmen to spy on me.

          I value my privacy and do not want to walk through some shopping mall where all the adverts address me by name and base what they show on the websites I visit (how many flight simulator programs are there for PCs now, and what the hell would they show me based on the content on El Reg??).

          Zilla, did it ever occur to you that it's because some people have supported users for years that they no longer think technology is such a great idea? What happens if someone takes over at (insert Supplier name here) and tells you they want you to give them half your yearly earnings or they cut your services off? What are you going to do when you suffer a power cut and you can't speak to anyone or go anywhere cos your fantastic robohome has gone into secure lockdown mode until the power comes back?

          Perhaps you would share your own knowledge and experience so we can see how massively we have overestimated our own...?

      3. Anonymous Coward

        if my phone can reliably determine that I'm me..

        ... without sending all unique IDs about me it can retrieve to Google et al., I'm all for it.

        Hoping those unique IDs can't be retrieved from a stolen device or remote storage and used to impersonate me.

      4. Anonymous Coward
        Pint

        Re: The end of passwords?

        "if my phone can reliably determine that I'm me..."

        There are occasions when I can't reliably determine that I'm me - especially after beer o'clock...

        1. energystar
          Terminator

          Re: The end of passwords?

          '...when I can't reliably determine that I'm me...'

          Then suspecting of being 'contained', or worse, 'incepted'.

      5. Halcin

        Re: The end of passwords?

        Personally, if my phone can reliably determine that I'm me without me having to faff about entering passwords

        Problem 1: it's not your phone. You have bought permission to use the device at the discretion of Google/device manufacturer.

        Problem 2: It's not the phone that is determining it's you. The authentication will be performed in some anonymous data centre using data which is out of your direct control.

        1. Alumoi Silver badge

          Re: The end of passwords?

          @Halcin

          It IS my phone. The second I got home from the shop I rooted it, installed a custom AOSP, wiped out the crap (yes, custom builds still have crap nobody uses) and restored my contacts from file.

      6. kwhitefoot

        Re: The end of passwords?

        "me" is not a single value concept. I have several online me s and I want them to remain separate but if Android logs me in always as the physical me that isn't going to work very well.

    3. Naselus

      Re: The end of passwords?

      "I don't really see how this gets rid of passwords though? Surely it is just a better lock screen."

      They cease to be necessary because your phone will use its own 'awareness' to determine who's using it and allow only you to access your stuff. No need to provide a password, which exists purely for the exact same purpose.

      So, say you want to access your mobile banking app. The phone checks a variety of things to make an assessment of whether it believes you are you. If it's convinced enough that you are, it lets you access your account. If not, it says 'no, I don't think you're you, sorry' and just gives you access to non-harmful stuff like Angry Birds.

      I'm willing to bet the first thing this does is renders all Android phones (Aside from 2-3 £800 flagship models) unusable.

  5. Keep Refrigerated
    Childcatcher

    Lost in a foreign country....

    Then you're screwed.

    How is this going to work for business travelers, who may need urgent access to their accounts in the event of travel plans getting screwed up?

    1. Dabooka

      Re: Lost in a foreign country....

      Well not really, I doubt they're suggesting that you must be in range of your car / home stereo / work wifi for this to work, I'm sure you'll just be told to authenticate some other way. Possibly by password.

      1. Halcin

        Re: Lost in a foreign country....

        Google email throws a hissy-fit every time it thinks I'm in a different location. And if it demands a password then it defeats the whole "extra convenience" this idea is supposed to provide. And that makes the situation even worse, because it's now demanding that you remember a password you have not used in six months.

    2. Dave 126 Silver badge

      Re: Lost in a foreign country....

      Just as it would work for people who have an elastoplast on the thumb they use for their fingerprint scanner - they enter their passphrase instead.

      There is even precedent - it is not unknown for a card issuer to telephone a card holder if the card is used in unusual circumstances, to request further authentication beyond the card and PIN themselves.

      (Though of course you should not give any information in those circumstances, but instead ring off, ring a trusted party such as a friend, ring off and then ring the number on your card or bank statement. The idea of ringing a friend is to make sure that any would-be spoofer hasn't kept your line busy - this has been known to happen on UK landlines, I don't know if it applies to mobile phones)

    3. 's water music

      Re: Lost in a foreign country....

      How is this going to work for business travelers, who may need urgent access to their accounts in the event of travel plans getting screwed up?

      Just do what my friends do and email all your contacts to explain the situation and ask them to wire some funds via Western Union. I never seem to get much thanks though.

      1. Charles 9

        Re: Lost in a foreign country....

        You're halfway around the world. They're ASLEEP, they don't answer the phone, and you're on a deadline...

      2. bep

        Re: Lost in a foreign country....

        Um, you can't get access to your phone, because it doesn't think it's you, because you are in 'foreign'. So you better hope there is one of those old-fashioned internet cafes nearby, or you're boned.

        This 'idea' has Catch 22 written all over it. I especially loved the part from the quoted 'expert': "gaining data and insight about their customers," Yep, that's what it's all about alright.

  6. DerekCurrie
    Angel

    OOTM: Out Of Their Minds

    *popping popcorn* This should be good...

  7. Anonymous Coward

    Capital plan, Baldrick !

    It would instantly do away with all those pesky password issues on locked phones because, well, of course Scroogle itself would be a 'Trusted Source'. Trusted by themselves, obviously !

  8. Chris G

    Incredible

    Just how much utter crap apparently intelligent people can spout or even think of.

    This is how long is a piece of string security so not so much security as an excuse to suck more data about you.

    Currently most of the criteria the article talks about is unavailable from my phone by my choice.

  9. Anonymous Coward

    Too stupid for security

    That's fine. Security isn't for everyone.

    However biometrics are the username, not the shared secret. Hollywood movies messed up everyone's expectations in this regard.

    1. Charles 9

      Re: Too stupid for security

      But what if biometrics is ALL YOU HAVE?
