These days, the conventional password is not much beloved by either businesses or consumers. Consumers merely hate having to remember them. This leads them to default to easy-to-remember passwords that they repeat often — for memory’s sake — which leads to why businesses hate them. They are easy to hack.
Which is why Google wants to get rid of them — in general and on devices running Android specifically. At its latest developer conference, Google announced plans to move ahead with “trust scores” that use various data points to assess if a device user is legit. The Trust API has been under development for a year and is now rolling out to “several very large” financial institutions in the coming weeks.
“Assuming it goes well, this should become available to every Android developer around the world by the end of the year,” Dan Kaufman, head of the Advanced Technology and Projects group at Google, said at the conference.
The user-specific data points that go into the score include current location, facial recognition and typing patterns.
Different apps could require different scores to access them. Banking apps could call for higher scores than a mobile game, for example. The API always runs in the background of the operating system and monitors a device’s use to update the trust score for the apps running.
“We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? I should just be able to work,” Kaufman said.
Although the API’s release is contingent upon a successful trial with banks, there is at least promise in the approach.
Traditional passwords stack up terribly in most measurements, though consumers do favor the amount of privacy and control. Elements of Google’s trust score — facial recognition that likely requires a phone’s camera to passively activate and scan a user’s face, for example — might seem a bit creepy to some.