Google: Let the machines remember the password
- By Derek Major
- Jun 09, 2015
The next wave of mobile authentication will take security out of the hands of humans and put it into the devices those humans carry, if Google’s Advanced Technology and Projects group has anything to say about it.
ATAP’s Project Vault is a secured-computing environment on a microSD card complete with an ARM processor, a near field communications chip, a secure operating system, antenna and 4G of storage. Data can be secured locally, and communications between two Project Vault-enabled devices are encrypted end-to-end.
Project Vault was unveiled at the 2015 Google I/O conference. According to Regina Dugan, the head of Google’s Advanced Technologies and Projects Group, it can run on Android, Windows, OS X and Linux, and can be used for mobile devices, desktop computers and Internet of Things endpoints.
Vault is already up and running at Google and will first be targeted to enterprise users in verticals that require encryption and highly secure communications.
The ATAP team also entered its horse into the password-killer race, with a plan to eliminate alphanumeric strings in favor of a suite of behavioral biometrics -- a solution that Google says has 10 times the security of the fingerprint sensors available today.
Project Abacus is a solution that collects data during user sessions so the phone can “learn” the habits of its owner. That information – including touchscreen input, location, how the phone is moving, what connections it uses, the brightness settings, the apps and phone usage – is, when taken as a whole, a better authentication solution than any single- or two-factor method of identification.
“A combination of sensors would allow you and the interactions with the device to become your authentication,” Dugan said in her address. “Your keystroke patterns, not what you type but how you type.”
Eventually, Google hopes to add varying levels of security depending on what authentication an app would require.
So far, Project Abacus has collected more than 40 terabytes of data from 1,500 donors and has delivered results although it’s a long way from a marketable product.
Google isn’t the only company trying to get rid of passwords, of course. Microsoft will use facial and fingerprint recognition with Windows 10, and the Fast Identity Online Alliance has granted certifications to 31 post-password products.
Derek Major is a former reporter for GCN.