The Hacker News Logo
Subscribe to Newsletter

Google Trust API plans to replace your Passwords with Trust Score

google-trust-api-android
The importance of increasing online security around personal information has risen due to the increase in cyber attacks and data breaches over recent years.

I find it hilarious people are still choosing terrible passwords to protect their online accounts.

The massive LinkedIn hack is the latest in the example that proves people are absolutely awful at picking passwords. The data breach leaked 167 Million usernames and passwords online, out of which "123456" was used by more than 750,000 accounts, followed by "LinkedIn" (172,523 accounts), and "password" (144,458 accounts).

In a typical authentication mechanism, two-factor verification is the second layer of security that is designed to ensure that you are the only person who can access your account, even if someone knows your password.

Project Abacus: Password-free Logins


Now Instead of just relying on uniquely generated PINs, Google intends to use your biometrics data – like your typing patterns, your current location, and more – to strengthen the second layer of authentication with a better, automatic and trustworthy approach.
Google Trust API plans to replace your Passwords with Trust Score
Introduced at the Google I/O developer conference, the new feature is called the Trust API, which will be available to Android developers by year-end if the initial tests with "several very large financial institutions" next month goes well.

Trust API was first developed under the codename Project Abacus, which was introduced last year at Google I/O 2015 when the company announced that it was working on a new password-less authentication method for Android devices.

What is Trust API and How it calculates your Trust Score?


Project Abacus is a system that opts for biometrics over two-factor authentication.

A while ago, the company implemented a similar idea, called "Smart Lock," on devices running Android 5.0 and higher.

Smart Locks automatically locks or unlocks your device when you are in a trusted location, or when your device recognizes your facial characteristics or have a secure Bluetooth device connected.

This Trust API is an upgraded and advanced version of Smart Lock. Trust API works by using the phone's sensors to collect data about you such as your voice, typing patterns, the particular times and locations you might use an app, and even facial recognition to derive a "Trust Score".

This Trust Score is then used to authenticate you without any need to enter a password or PIN, the head of Google’s Advanced Technology and Projects (ATAP) unit Daniel Kaufman said Friday at its Google I/O developer conference.

In case your Trust Score is not high enough, apps could revert to asking users for their passwords.

However, the company also said previously that different apps could require different Trust Scores. For example, your bank could require a higher score than a gaming app.

This Trust Score is the new "Trust Score API" or "Trust API" that the company hopes to put in developers' hands by the end of the year.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.