As Google introduces Trust Score API, Password requests for access to apps and services may soon be a thing of the past especially on Android devices. Google announced at the recent I/O that it is going ahead with plans to replace passwords with “Trust Scores” that uses high level algorithm and data points about users to determine whether or not they are legitimate.
Google has been working on this Trust API in its password research for over a year and says that it is now rolling it out to “several very large” financial institutions in the coming weeks.
The trust score is based off data point like current location, this means that if you move your device to a new location, your trust scores drop and you may need to use additional verification but in your usual location, you may not need any authorization at all and this is in addition other user-specific data points such as facial recognition and your typing patterns will compliment for full security and privacy.
Certain apps could require different scores. A banking app might want a higher trust score than Instagram requires, for instance. The Trust API always runs in the background of users' devices, monitoring its sensors and information to so that it can provide apps with the current trust score — basically its confidence level that you are who you say you are.
Although the API's release is contingent upon a successful trial with banks, this appears to be promising research, especially considering how terrible traditional passwords are, even when they're coupled with two-factor authentication.
If this works then it would be goodbye to forgotten password, annoying prompt for complex password that you won’t even remember but then we may have to wait for Android N as it would only be available to android developers by the end of the year.
Google has been working on this Trust API in its password research for over a year and says that it is now rolling it out to “several very large” financial institutions in the coming weeks.
"Assuming it goes well, this should become available to every Android developer around the world by the end of the year," Dan Kaufman, head of ATAP at Google, said at I/O.
How The Trust Scores Works instead of Using Passwords
The trust score is based off data point like current location, this means that if you move your device to a new location, your trust scores drop and you may need to use additional verification but in your usual location, you may not need any authorization at all and this is in addition other user-specific data points such as facial recognition and your typing patterns will compliment for full security and privacy.
Certain apps could require different scores. A banking app might want a higher trust score than Instagram requires, for instance. The Trust API always runs in the background of users' devices, monitoring its sensors and information to so that it can provide apps with the current trust score — basically its confidence level that you are who you say you are.
Although the API's release is contingent upon a successful trial with banks, this appears to be promising research, especially considering how terrible traditional passwords are, even when they're coupled with two-factor authentication.
"We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? I should just be able to work," Kaufman said.
If this works then it would be goodbye to forgotten password, annoying prompt for complex password that you won’t even remember but then we may have to wait for Android N as it would only be available to android developers by the end of the year.
Google and ityunit, you guys are trying. Keep the good work.
Good work bro keep it up