When you log into your email account, do you find it annoying to enter your username and password? If you do, you’re not alone. And this is probably one of the reasons Google is testing out a new, better way to sign into their email services – no-password authentication. That is it’s trying out a feature that lets users confirm their identity without entering a password. But they must use their smartphones to do it.
Google isn’t the only tech company that tries to get it users away from passwords. However, just like other companies that tried, Google isn’t quite sure yet how to make users log into their accounts securely without key phrases.
Why are passwords important?
Right now, it’s almost impossible to log into your secured account without passwords. They’re a part of user authentication to defeat attackers. Unfortunately, keeping track of your passwords for every account can be maddening.
They are also universally hated because you can’t reuse them without you leaving vulnerable from attacks.
But consumers don’t have a choice, for now, as passwords are relatively convenient. However, some people realize that passwords can still be hacked as breaches proliferate. Banks and other big sites are offering two-factor authentication. This is an added layer of protection. It works by entering a code that has been delivered to your phone through an SMS.
Google’s experiment about password may be quite different as it takes the password out of the equation. And this is similar to what Yahoo did earlier this year.
The search engine giant invited a small group of users to test out the new way of signing in to their accounts. That is no password required.
According to one of the testers, the new system is straightforward. But it still involves authorizing phone to let you log into your account. You will receive an SMS on your authorized phone to allow the login. Once you hit yes, the computer will log you into your account without entering your password.
Now, if they don’t have their phone, users can still use the usual way to log in. And if you lose your authorized phone, the lock screen of your device should protect your accounts. You can also revoke access to the feature from that authorized device anytime.
But the problem is that the phone-only authentication could still be accessed by unauthorized people while it’s unlocked. That said they could still log in to your account.
Another alternative to “no-password authentication” is biometrics. It requires the use of physical characteristics, e.g. fingerprints. This is quite convenient because you don’t need to remember your passwords and you can never forget your fingerprints.
But this, too, comes with some pitfalls. For example, you can leave your fingertips on a lot of things and hackers can easily fool some systems suing high-resolution photo of your hands.
All of these alternatives are being explored by researchers of various tech industries, not just Google. However, companies should still think carefully before they rely on one type of authentication. The reason for this is that each method comes with risks.