Google to Trial Password-Free Log-Ins with Banks

Google to Trial Password-Free Log-Ins with Banks

Google’s play at password-free apps – Project Abacus – is set to be trialed with several major banks next month, it emerged on Friday.

First revealed at the I/O developer conference last year, Abacus is a new system for mobile authentication which “moves the burdens of PINs and passwords from the user to the device itself,” former head of Google’s ATAP (Advanced Technologies and Projects) division, Regina Dugan, said at the time.

It does this by combining biometrics like facial and voice recognition with user behavior such as the times and locations you usually try to log-in. From these it deduces a Trust Score which can then be used to check if the individual trying to log-in is you.

The idea is that more sensitive applications like those for online banking access will require a higher Trust Score.

Google is hoping to push out a Trust API to developers by the end of the year so they can start testing it and, ultimately, decide if it works well enough to replace traditional passwords or 2FA.

It has already been trialing the system with over 30 US and international universities over the past few years and will now be looking to take things forward with “several large financial institutions,” according to new ATAP lead, Dan Kaufman.

If it works successfully the benefits are obvious, as Abacus is completely passive and would not require users to remember a string of different passwords for multiple online accounts.

Richard Lack, EMEA director at identity management firm Gigya, argued the future of authentication lies with methods that don’t involve passwords – both for security and convenience.

“Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security,” he added.

“This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”

Source: Information Security Magazine