Google Experimenting With Outside-The-Box Mobile Security

January 12, 2016 - 2 minutes read

Google

Google hates bad passwords. “1234567,” “PaSsWoRd,” and other mobile app security abominations have been in the crosshairs for years. From wearable rings that grant access based on proximity to USB drives that automatically confirm a user’s identity, it may seem to Toronto mobile app developers that the tech giant has considered every option when it comes to account security.

Unfortunately, there isn’t much to show for all the experimentation thus far. The best measure available to Google’s web app users is multi-factor authentication — which, while highly effective compared to generic password and cookie log-in, face low rates of user adoption simply because they’re a hassle. Mobile app users are accustomed to ease and simplicity; entering in a code that’s texted to your cell every time you enter a web app is neither easy nor simple.

Therefore, Google’s statement to VentureBeat that they’ve “invited a small group of users to help test a new way to sign-in to their Google accounts, no password required” could signal to mobile app developers that a new standard is on the horizon for mobile app-enabled security.

The new sign-in method seems on the surface to sacrifice some of the security that comes with two-factor authentication: users are sent a notification on their smartphone when they attempt to log-in, and tap a confirm button to allow access. Since two-factor authentication is based on the premise that it’s unlikely a hacker will have access to a user’s phone, security experts and mobile app developers believe that removing the password altogether could actually trump password-only security by making phishing impossible.

The main security concern if smartphone-confirmation log-in becomes a norm is the possibility of hackers gaining remote control of a smart device, or of course, the threat of IRL pickpocketing. Given the security features baked into most Android and iOS devices — and the mobile apps running on them — this scenario is far less likely.

The new log-in method is currently being rolled out for select Google users to test and provide feedback. The feature works for Android and iOS.

Tags: , , , , , , , , , , , , , , , ,