Thanks to Google, You May Never Need a Password Again

trust word as a password to combination puzzle box with rings of letters
computer-security-guide-cover-2nd-ed

4-Step Computer Security Upgrade

Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.

Every type of way to lock down your data has some problems. If you use a weak password, you are could get hacked. Remembering strong passwords is really hard. If you use a password manager, it could have a flaw that makes it insecure. Your employees would sell their corporate passwords for not all that much money.

What if you decide to use fingerprint recognition as your login instead? That gets you around the possibly insecure password problem, but creates a different one: courts have ruled that you can be forced to use your fingerprint to unlock your phone. Even if that does not ever present a problem for you personally, it is, of course, suboptimal for any clients you may have that are in police custody.

At root, the big problem with security in the digital age is that we simultaneously want complete security and complete ease of use, and those things aren’t necessarily compatible. Google has an idea about how to fix this, though, and it involves killing the concept of passwords entirely. It would do so by creating a “trust-based” system, which means that Google will be analyzing how you look and how you use your phone in order to make sure that you are indeed the person trying to unlock and use the phone.

The system is designed to be used on smartphones, and works by constantly checking for a number of personal indicators which can grant access to accounts or the phone itself.

Instead of asking for a password, the phone might analyze your face, your voice, how you type, how you swipe, how you move and where you are. All of these bits of data are fed into the API, which then generates a ‘trust score’ which indicates how likely it is that it’s actually you carrying the phone.

If that sounds simultaneously cool and creepy, that is because it is. Think of the amount of data points Google has to accumulate to determine that you are you. Your phone would be able to look at you, record your swipes and gestures, scan your body, and basically build a database of how you move. Your phone has to be able to listen in on you to build a library of how you sound. Your phone needs to know where you are and where you typically go so that it has a snapshot of your likely locales.

The concept of a “trust score” also means that different apps can have different layers of security.

A banking app, for example, might let you check your balance using only the Trust API. But when you have to transfer money or view more sensitive information, it might ask for more verification, like a fingerprint scan or a traditional password. This may make certain apps quicker and easier to use.

Now, the nice thing about this is that it seems like it would largely be frictionless on your end. No complicated passwords to remember, save for a few tasks, little to no risk that someone can completely imitate your looks, voice, and phone usage patterns. All you need to do is just let Google learn everything about you, which it looks like it could do without much effort from you.

Obviously, people are going to find this more or less terrifying depending on their feelings about privacy. One thing is clear: if you want to live in the future, you will need to choose between privacy and convenience.

Subscribe

Get Lawyerist in Your Inbox, Daily

Current Articles
Current Lab Discussions