Commentary

Google Eliminates Passwords, Begins Something New

Google and Microsoft have separately mapped out plans to eliminate traditional passwords for something new.

At Google that something new is called Project Abacus, which will become available on Android devices by the end of 2016. Rather than relying on passwords or two-factor authentication to open an Android phone, the device will authenticate the owner based on how she uses her device.

Phones should have sensors to identify the person using them, according to Dan Kaufman, director of Google Advanced Technology and Projects (ATAP) at the company's developers' I/O conference.

Project Abacus monitors how people use their phone from the keystrokes and the speed at which they type. It identifies patters of speech, location, facial features, and even the rhythm of the person's walk. All this, along with the way the person swipes the phone, proves the individual's identify and creates what Kaufman calls a trust score.

advertisement

advertisement

The service continually runs in the background of the phone keeping track. During the past year engineers at Google created a Trust API that the company will begin testing in June with a limited number of developers.

Alex Simons, director of program management of Microsoft Identity Theft, wrote in a blog post that it will stop users from choosing passwords that can be easily guessed in an effort to prevent a repeat of LinkedIn's password security fiasco.

"Based on the latest research, there are some straightforward, concrete steps you can take as a user or as an administrator to help protect your accounts," Simons wrote.

In addition to Simons, Microsoft researching are looking at ways to secure consumer technologies and commercial activities such as access to bank records. They will release the findings at the 37th annual IEEE Symposium on Security and Privacy, a security conference that begins Monday.

A group of researchers at Microsoft and the French research organization INRIA, along with collaborators from Hamburg University of Technology and Johns Hopkins University, are presenting technology that would prevent types of serious vulnerabilities and attacks like Freak and Logjam from even being possible.

Microsoft Researchers also are looking at using gestures to secure privacy and protect identities in applications. They are looking at incorporating it into an application beyond gaming and the system they are proposing is called Prepose, which is built on top of the Microsoft theorem prover Z3 and the Kinect SDK. While marketers are not likely to have heard of theorem prover Z3, the Kinect SDK is used in the add-on gesture-based app for Xbox.

Next story loading loading..