Within the next six months, all Android developers likely will have access to a Google API stemming from its Project Abacus that aims to replace the password with a multi-modal system as the primary authenticator for mobile users.
The idea behind the system is two-fold: passwords are rapidly approaching uselessness; and biometric identifiers are now advanced enough to be used for high-value applications. Google unveiled the idea for Project Abacus last year, saying that it hoped to replace passwords with a system that constantly observes users’ interactions with their devices, such as their patterns of typing, facial recognition, voice recognition, and then builds them into a comprehensive trust score. That score then is used to grant or deny access to apps.
Google officials plan to give a group of financial institutions access to the Project Abacus API in June, and hopes to expand that to all Android developers by the end of the year. Company officials announced the move at Google I/O on Friday. Google is one of a growing number of companies trying to augment or outright replace passwords with things such as voice authentication, facial recognition, or a combination of various other biometric factors. Authentication technology has been largely stagnant for decades now, with passwords still serving as the main form of identification online for the vast majority of applications and services. Many users are bad at creating strong passwords and tend to reuse those passwords on multiple sites, opening all of those accounts up to compromise if one site is ever breached.
Google offers various forms of two-factor verification for some of its services already. For example, Gmail users can choose to have one-time codes sent to their phones when they log in on a new device. Google officials said their goal is to make the process of authentication simpler and more efficient for users.
“We have a phone and these phones have all these sensors in them. Why couldn’t it just know who I was so I wouldn’t have to enter a password. I should just be able to work. What we’re going to do with this is get rid of the awkwardness of two-factor authentication,” Dan Kaufman, who leads Google’s Advanced Technologies and Projects division, said in a talk at Google I/O.
Google will test the plan with a group of banks next month, with the goal of getting it out to the entire Android community by the end of 2016.
“This should be available to every Android developer around the world by the end of the year,” Kaufman said.
The Project Abacus technology is designed to work in the background while the user goes about her normal activities on the Android device. As she types, searches for content, and performs other tasks, the system will take a variety of measurements and combine them to arrive at a Trust Score that will determine whether the user is given access to apps. Different apps may have separate thresholds for access.