Body cues, habits could make passwords obsolete, says Google

Google is trying to make passwords passé as it looks into using body and location cues to verify a person’s identity.

At a Google I/O conference last week, the search engine giant said it was moving forward with Project Abacus, which aims to render passwords a relic of the old computing paradigm.

“Phones have all of these sensors in them. Why couldn’t it just know who [I am]?” – asked  Daniel Kaufman, head of Google’s research unit ATAP (Advanced Technology and Projects), during a presentation at the conference. The project’s basic aim is to “get rid of passwords and all the annoying things” that go along with them, he said. The comments were reported by CNET on Monday.

Related: Kansas hospital pays ransomware demand, doesn't get files back

Currently, secure logins – most commonly used by banks – require so-called two-factor authentication. So, for instance, in addition to a password, you must provide a unique PIN sent via a texting app or email. Instead, Project Abacus would try to zero in on unique things about you, your behavior, and your body. That includes factors such as typing, walking, and voice patterns combined with what apps you use and your location to verify identity.

Google calls this combination of factors a “Trust Score.” Though it’s not yet clear how exactly Google would use this, an example might be an app that requires a high level of security. A banking app might require, for instance, a higher trust score than a music app. In the case that your Trust Score is too low, then Google would revert to a password.

Other possibilities include locking down the device if Google detects that it has been picked up by a non-authorized user.

Related: 3 new Craigslist scams spreading now

Google’s machine intelligence group (among others) is working on the project. “This June we’re going out to several very large financial institutions for initial testing and assuming this goes well, this should become available to every Android developer around the world by the end of the year,” said Kaufman during his presentation.

“Google's approach is like a fingerprint, taken collectively,” Roger Kay, president of Endpoint Technologies, told in an email. “The sum of your patterns … will yield a statistically unique signature: the way you walk, where you are, the way your finger moves, etc.  Depending on how it's implemented, these are all things ‘you are,’” he said.

But whether this technology actually makes it to your smartphone is far from certain. Google has a less-than-stellar track record with research projects coming to real-world-use fruition. And a technology like this could potentially impact a smartphone’s battery life, among other downsides.

Related: Hacker looks to sell 117M LinkedIn passwords from 2012 data breach

“One wonders [if it has] too large a footprint in memory [and is] too slow,” Kay said, though he added that the idea is sound.

Consumers favor alternative methods of authentication such as fingerprint scanning, voice recognition, facial recognition and iris scanning, according to survey results released by identity management specialist Gigya this week.

Some 52 percent of the 4,000 U.S. and U.K. adults surveyed said they would prefer alternatives to traditional usernames and passwords. Biometric authentication was cited as more secure than usernames and passwords by 80 percent of respondents. Nearly half of all millennials surveyed said they have used at least one form of biometric authentication.