Google’s YOLO API Set to Speed Secure App Log-Ins

Google’s YOLO API Set to Speed Secure App Log-Ins

Google is making it easier for users of password management software to securely log-in to their favorite Android apps.

The web giant has teamed up with various password manager vendors to build a new open API dubbed “Open YOLO” (You Only Login Once).

As the name suggests, it will enable developers to ensure their Android apps can access the passwords inside such systems, meaning users don’t have to log-in to their password managers each time.

The project is being undertaken by password management firm Dashlane and a group of others who will all contribute to the development of the open API.

“This project is the first big step towards making security simple and accessible for every user, on every device,” wrote Dashlane community manager, Malaika Nicholas.

“In the future, we see this open API going beyond just Android devices, and becoming universally-implemented by apps and password managers across every platform and operating system. Ultimately, we look forward to expanding this collaborative project, so that it will benefit the entire security ecosystem as a whole.”

The initiative would seem to be well focused, given that it aims to reconcile security and usability – two ideals usually at odds with each other in the world of authentication.

The security of password managers themselves have been called into question over recent months, however, after some high profile incidents.

At the end of last month, major flaws were revealed in LastPass which could allow remote access to stored credentials.

Noted Google researcher, Tavis Omandy, even publicly questioned at the time why anyone “uses an online service to store passwords.”

LastPass also failed in 2015 after hackers compromised user account email addresses, password reminders, server per user salts and authentication hashes.

That said, password managers are frequently recommended by experts as the best way of securely circumventing the challenge of remembering multiple strong passwords for online accounts.

Source: Information Security Magazine