
Google wants to get rid of passwords because “passwords suck”

10 FEB 2016

I spend an undue amount of time thinking about passwords. What makes a good one, what makes a bad one, the advantages of password managers, and of course, trying to remember passwords I set up years ago. Every time I have to access an old account or service I have to go through the same tortured process of trying to remember what kind of passwords I was using back then, what system I had, and so on. If I could tally up all the time and mental effort I've burned on passwords and spend it all on something else, I could probably be a decent guitarist by now (and a lot more relaxed). As it stands, after all the thought and effort I've plugged into the idea, I've only come to one solid conclusion:

Passwords suck.

It seems I'm not alone. Last month, Google's Vice President of Engineering, Regina Dugan, said the same thing while unveiling Google's latest assassination attempt in the quest to kill passwords, Project Abacus. The mobile-based authentication system was demonstrated in a presentation during Google I/O 2015.

Abacus is being positioned as a complete replacement for the current model of password authentication. Instead of relying on a string of alphanumeric characters to determine a binary "yes/no" response to access requests, Abacus continuously calculates a "trust score" for the current user based on a multitude of factors determined by natural use.

Instead of typing in a password, you just pick up the device and start using it. The trust score is reached through factors such as facial recognition, your typing habits, speech patterns, current location, and even (creepily enough) how you walk! While none of these factors would be stronger than a password on their own, combined they add up to a more secure way of identifying individuals. Dugan claims that the combined sum of what Project Abacus scores on ends up being "ten-fold more secure than a fingerprint sensor", which is already considered a fairly beefy biometric security gate (and a perennial favorite of spy movies; it just wouldn't seem as cool for James Bond to try and mimic a Russian ambassador's slightly tipsy gait as it is for him to produce a severed finger).

The idea is to not only make a more secure alternative to passwords, but to make the experience more streamlined and intelligent for the user. Obviously, the entire concept already solves the pesky problem of remembering two dozen different passwords, which is great, but the "trust score" system has other uses as well. It could be used to intelligently scale access to different apps, so handing your phone to another person for a moment could be risk-free. For example, low-risk uses like accessing a game could require a minimal trust score, while getting into a banking app would require the real deal. You could hand your phone to a friend without worrying about them creeping on your pictures or documents if you didn't want them to, and without having to go through the bother of entering a password every time you want to view them yourself. The idea is to have a natural experience with your phone that just "knows" whether or not it should grant the user access to sensitive info and apps.

It's an ambitious idea and an appealing one, but I'm not sure if I'm totally sold on it yet. While I hate passwords as much as anyone else (maybe a little more), Abacus sounds awfully invasive for what you're getting out of it. As much as I would love to chuck our current system of passwords into a shallow grave, I can't say I'm super excited about the idea of my phone constantly scanning me and my surroundings for that much biometric and personal information either. While it is early and might be a little unfair to criticize at this stage, the system is also troublingly hazy on what happens when you break your hand and can't type normally, or what to do after a great night at a concert when your voice is blown out and raspy. Maybe the other factors could make up for an odd set of circumstances, or maybe they can't and you could be stuck without your phone while already nursing an injury. Not great.
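To make the trust-score idea and the missing-signal concern concrete, here is an added illustrative sketch; it is not Google's algorithm or code from Project Abacus. It assumes independent signals, a 50/50 prior, and hypothetical signal names, readings and per-app thresholds.

```python
import math

# Hypothetical per-app thresholds; the article only says low-risk apps need a
# "minimal" score and a banking app needs "the real deal".
THRESHOLDS = {"game": 0.01, "photos": 0.90, "banking": 0.99}

def trust_score(signals):
    """Fuse per-signal estimates P(user is the owner) into one score.

    Assumes a 50/50 prior and independent signals, so the log-odds of each
    available signal simply add (naive Bayes). A signal that could not be
    measured is None and contributes no evidence either way.
    """
    log_odds = 0.0
    for p in signals.values():
        if p is None:
            continue
        p = min(max(p, 1e-6), 1 - 1e-6)  # avoid log(0) on saturated inputs
        log_odds += math.log(p / (1 - p))
    return 1 / (1 + math.exp(-log_odds))

def allowed_apps(signals):
    """Return the apps whose threshold the current trust score meets."""
    score = trust_score(signals)
    return sorted(app for app, need in THRESHOLDS.items() if score >= need)

# Constructed sample readings, not real measurements.
OWNER = {"face": 0.80, "typing": 0.75, "voice": 0.70, "location": 0.85, "gait": 0.65}
INJURED_OWNER = dict(OWNER, typing=None, voice=None)  # broken hand, hoarse voice
FRIEND = {"face": 0.10, "typing": 0.30, "voice": 0.20, "location": 0.85, "gait": 0.40}

if __name__ == "__main__":
    for name, s in [("owner", OWNER), ("injured owner", INJURED_OWNER), ("friend", FRIEND)]:
        print(f"{name:14s} score={trust_score(s):.4f} apps={allowed_apps(s)}")
```

No single owner reading exceeds 0.85, yet the fused score clears the banking threshold. With typing and voice unavailable the owner keeps photos but loses banking, which is the point where such a design needs a fallback such as a PIN or password.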

No system is perfect, and we will have to wait to see how Project Abacus turns out. Whether or not it solves the problem with passwords, it's good to see software designers looking into alternatives and new ideas to established security systems at all. But, until the day we can finally get rid of passwords once and for all, make sure you're following our recommended best practices! Passwords suck, but it's up to us to make the most of them.
