Google’s Creepy Plan To Kill The Password
January 18, 2016 by staff
Google’s Creepy Plan To Kill The Password, Abacus would lock or unlock devices and apps based on a cumulative “trust score” — as your phone continually monitors and recognizes your location patterns, voice and speech patterns, how you walk and type, and your face (among other things).
Like many things Google, it sounds miraculous. Your phone will just know it’s you. And infosec pundits who believe we’re stuck in password-hell Groundhog Day because “regular” people won’t do security if it’s inconvenient, will rejoice.
Former Googler Chris Messina sounded ecstatic about it on Twitter, saying that Abacus would beat the current gold standard, two-factor authentication, since losing access to SMS wouldn’t break the whole system.
Cisco engineer Shawn Cooley countered him saying, “very cool until I break my leg or hand & can’t auth to any services to get healthcare info since my behavior is diff.” Messina said, “you presume that your health records aren’t being managed by Verily. You would be wrong.”
During its first public demo at Google’s I/O conference, Regina Dugan claimed that with its “trust score” method, Project Abacus “may prove to be ten-fold more secure than just a fingerprint sensor.” And it’s easy to believe this could be true.
Alphabet’s #ProjectAbacus is algorithmic/probabilistic user identity & trust scoring. HUUUGE https://t.co/Ff6uGDjfcV?ncid=txtlnkusaolp00000618pic.twitter.com/iAg2r2YY4K
- â„ï¸Ž Chris Messina â„ï¸Ž (@chrismessina) January 10, 2016
For keeping out attackers, the password is a manageable solution that can range from weak to tough — and right now, “killing the password” is a trendy set of words. Regular password systems are considered the weakest, especially ones that require a password to be short and simple.
Coming more into fashion now is two-factor authentication. This typically combines login with a text message or email you need as a second step for verifying it’s really you. It’s tougher to hack, and this year it’s being phased in for banking customers by federal mandate. And then we have fingerprints, which are very secure and onerous to imitate, although a thumbprint can be obtained by physical force. Instead of any of these current “front door locks” on our phones, accounts and logins, someone using Abacus would … actually do very little.
Google would do all the work. Correction, the work is already being done. All the data and constant monitoring needed by Abacus is already happening with your smartphone. Like its contemporaries Facebook and Apple, Google is already tracking and recording you up the… you know. That’s why law enforcement loves it when suspects use smartphones.
To make Abacus use our tracked information as a security system, it’s only a matter of putting it all together and giving it a shiny front-end. What it also requires, however, is constant, invasive surveillance and access to some pretty intimate records.
Great idea, scary in real life.
Please feel free to send if you have any questions regarding this post , you can contact on
Disclaimer: The views expressed on this site are that of the authors and not necessarily that of U.S.S.POST.