Passwords are the bane of modern tech – not only are good ones hard to come up with, but they also have to be constantly changed, could be the targets of phishing attacks and have ridiculous rules about letters, characters and numbers that are impossible to remember. This is why most people use simple, easy-to-recall passwords, or recycle the same old ones for several different accounts – as this report from security firm Kaspersky claimed 1 in 7 people do.
Google wants to end that. This week they rolled out trials for a new log-in system that does away with passwords entirely. Instead, you can log in securely to your Google account – including Gmail, YouTube etc. – just by tapping “Yes” on your iOS or Android smartphone.
Google has confirmed that now it’s in testing a new way to sign into your Google account without having to type in a password. Instead, those who have been invited to try this new method of logging in authenticate by responding to a notification sent to their smartphone. The idea is similar to Yahoo’s recently launched “Account Key,” which also offers a password-free means of signing in involving a push notification sent to your phone that then opens an app where you approve the log-in.
Passwords are often the weakest parts when it comes to securing users’ accounts, as many don’t use complex passwords or they reuse the same password across services. Two-factor authentication – like using a USB stick with a secret token or entering in a code sent via text method to your phone – can help to increase security, but many users also find this to be a hassle as it introduces an additional step to the login process.
This new password-free login option, on the other hand, is about speeding up logins by offering a different way of signing in altogether. You only have to enter your email address when you’re signing into your Google account. Afterward, a notification will appear on your phone asking you if you’re trying to sign in from another device. Approve the login by tapping “yes,” and you’re in.
This would be especially useful for those who always have their phone nearby while using Google services on other devices, like their computer, as well as those who have long and complicated passwords that are difficult to type.
It could also help to protect against phishing – something that Google addresses today through its Password Alert tool, too.
The test was first reported by a Reddit user, which was then spotted by the blog Android Police. According to user, he was sent an email invitation to join a test group being given access to try the new technology on their own devices.
The group is called “Sign-In Experiments at Google,” and is found here on Google Groups. While the link to the group is public, you can’t view or participate without a direct invitation.
A Google spokesperson said: “We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required. ‘Pizza’, ‘password’ and ‘123456’—your days are numbered.”
Reported on Reddit by user, the process is straightforward. Here’s how it worked, according to user:
- First, set up your phone to act as a sign-in authenticator (it needs to have a screen lock which is how it is encrypted)
- Go to a Google log-in screen on your computer and put in your email
- Unlock your smartphone, and just tap ‘Yes’ on the Google notification asking if you’re trying to sign in
If your phone is lost or stolen, you can sign in to your account using your regular password, and un-authorise the stolen phone from signing in.
Currently, Google offers 2-factor authentication, which involves putting in your password, as well as a numerical code that appears as a text or in an app on your phone. This new method would save the effort of putting in the code, but would be equally as secure.
This isn’t the first security or phishing-protection mechanism that Google has implemented.
This year, it introduced Password Alert which is a simple Chrome extension that will show you a warning if you type your Google password into a site that isn’t a Google sign-in page.
It has also tested “on-body detection” in its Android 5.1 version which only locks when the phone has been put down, but remains unlocked if you’ve got it in your hand – measured by the phone’s accelerometers.
Google said it could not comment on when the feature might be rolled out more widely.
Hope it was helpful to you. Do send us your comment and you can follow us on Twitter, add us to your circle on Google+ , on LinkedIn or like our Facebook page to keep yourself updated on all the latest from, Technology world.
