Security
Now Reading
Google tests password-less login on the web using phone authentication
2

Google tests password-less login on the web using phone authentication

by AshwinDecember 23, 2015

Google is renowned for protecting the security of its users.

Google password less login

To do this it uses various kinds of options, including the recently launched Password Alert extesnion, and the good old mobile authenticator apps.

This 2-way authentication, or 2-factor authentication as it is reffered to, helps protect the user’s Google account from being hacked by adding an extra layer of security.

But this method involves logging into the account using the regular password, which will actually trigger a prompt asking the user to enter a backup code which can be received using the mobile app mentioned abiove, or a code which the user could have backed up earlier, or get a new code through sms/phone call.

What if there was a way to login to your Google account without entering the password for it?

That is exactly what Google is working on. In fact, the Mountain View company has already begun testing the feature. Rohit Paul, an Android user who goes by the name rp1226 on Reddit, posted some screenshots which show how the new feature works.

You may have noticed that Google changed the login system on its website, earlier this year. It doesn’t ask you to enter the password on the first page, instead it asks you to enter the username and click on the next button. The user will then be required to enter the password on the next page.

The new password-less login system, will not do the second step mentioned above. When a user enters their username to login, Google will display a number on the browser, and send a notification to the user’s phone, more specifically, an Android phone. This notification will ask the user to tap the number in the message.

This will grant the user access to their account, without the password.

Venturebeat says it questioned Google about this, and got a confirmation in the form of the following statement:

“We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required,” a Google spokesperson told VentureBeat. “‘Pizza’, ‘password’, and ‘123456’ — your days are numbered.”

This system is pretty exciting, and will improve the security of Google accounts drastically, as the user’s password is safe from any threat including keyloggers, phishing methods, and identity theft attacks. It is unclear as to when Google will enable this for all users, or if at all. Hopefully we will see it in the near future.

2 Comments
  • December 24, 2015 at 10:17 am

    As long as the method is limited to the Google services is “only” an improved version of a 2FA. Press yes instead of typing a code received, or the phone. Phone is used only to send a YES or a NO.
    I am the CTO of an Italian project, SingleID, which use the phone to send not only YES or NO but also some personal infos. In this way each login request also includes my personal infos, each time. Moreover my personal data resides only in my smartphone and not on a remote server. This way any users can be identified everywhere with no password and no form filling.
    Whether we like it or not in the next 10 years we will be identified through our smartphone and the only way to not be tracked 100% it is to use our smartphone as storage of our data and share thme only when necessary and with the final recipient.

    • FileCritic
      December 25, 2015 at 3:26 pm

      Hi Daniel, indeed passwords are boring. It seems you have a nice project on the run. Catch us on the contact form, would like to know more. Thanks.

Leave a Response