The death of the password
Google's massive I/O conference was chock full of trends and portents, but one of the most intriguing messages to trickle out of the show was far more subtle than the Android-everywhere blitz: Google is finally making good on its quest to kill the password.
Every single major platform Google promotes declared war on the password in some fashion. And Google's far from the only company to come up with interesting authentication alternatives to memorizing long codes of numbers, letters, and special characters. From digitized tattoos to Bluetooth trickery and beyond, here's how big names like Google, Apple, Samsung, and others are trying to kill the password.
Android L's 'personal unlocking'
When Android L, the next version of Google's all-encompassing mobile operating system, hits the streets this fall, it'll pack in a headache-relieving feature dubbed 'personal unlocking.' Personal unlocking takes what it knows about both you and your phone to alleviate the need to enter a security PIN when your phone's in a safe situation.
The automatic authentication can be handled several ways: Android L can tell if you're in a trusted location, for instance, or sense your paired Android Wear watch, or even pick up on the sound of your voice. It'll be intriguing to see how this plays out.
Chromebooks embrace Android
Android's anti-password stance carries over to Chrome OS, too. Sometime this fall—presumably around the time Android L goes live—Chromebooks will pick up the ability to sense your Android phone via Bluetooth, then automatically unlock your notebook, going so far as to sign you into your various associated Google accounts. Handy!
If your phone isn't nearby, of course, you'll still have to sign in with your Google account password. The automatic authentication isn't the only deep Android integration coming to Chromebooks, either.
Chromecast's sonic security bypass
Chromecast, Google's streaming TV dongle, is taking a different tack by making it easier for your guests to share videos on your TV. Currently, you can cast content to the Chromecast only if both it and your device are on the same Wi-Fi network, but a future update will remove the need to share your network password.
Even cooler will be the way the Chromecast authenticates nearby devices: It'll emit a high-frequency tone inaudible to the human ear, but registered by your phone's mic. Any phones that hear the sonic squeal will be able to cast content to your TV. Whoa.
Apple's Touch ID
Google's antics aren't the only assault on the password. The most notable alternative is Apple's Touch ID, introduced in the iPhone 5s in late 2013. Touch ID builds fingerprint recognition technology into the iPhone's home button, which allows you to sign into the phone and authenticate purchases from iTunes, the App Store, and iBooks with a quick touch—no password or PIN required. The upcoming iOS 8 update will open Touch ID authentication to third-party apps, too...
Fingerprint recognition spreads
…Which the fingerprint reader built into Samsung's Galaxy S5 already offers, assuming the third-party app's developers have coded the feature into their software. HTC's One Max also integrates a fingerprint scanner—on the rear of the phone, oddly enough. Various business-focused Windows notebooks have offered fingerprint scanners, though the technology never really exploded for PCs. It's mostly used as a secondary means of authentication in strict enterprise environments.
Other plans to kill the password are more…esoteric. At the AllThingsD conference in 2013, Regina Dugan, Motorola’s head of advanced technology and projects group, outlined some of the ambitious experiments in progress to obviate the need for PINs.
Using an electronic tattoo for password-free device authentication sounds crazy—do you really want to brand yourself forever to skip your phone's lockscreen?—but it's already happening. Just this week, Geek.com reported that VivaLnk worked with Motorola and now offers temporary tattoos with a small NFC sensor that can be used to unlock your Moto X. The tattoos come in packs of 10 for $10 and stay on your skin for 5 days.
Dugan's other idea sounds like something straight out of Minority Report: Taking a daily password pill, just as you would a vitamin. The pill features a small chip with a switch that uses your stomach acids to activate, creating an 18-bit, ECG-like signal inside your body. "My hands are like wires, my arms are like alligator clips," Dugan said. "When I touch my phone, my computer, my door, my car, I’m authenticated."
ATAP—which is remaining with Google when the rest of Motorola is sold to Lenovo—is working with a company called Proteus Digital Health to make these pills a reality. Proteus already has FDA approval to create an ingestible sensor, though its efforts are largely focused on using the sensor as a medical device.
Killing the password comes with troubles of its own. Researchers have already duped the fingerprint sensors in today's phones using Mission Impossible-like tactics, creating thick, high-DPI recreations of the phone owner's fingerprints. After Google's I/O keynote, security experts were quick to point out that relying on a single Android phone as an authentication tool for your devices created a single point of failure for would-be hackers.
But still, in a six-month span that's already seen numerous, massive security breaches resulting in the breach of half a billion accounts' worth of data, the idea of moving beyond passwords holds vast appeal. Sure, the transition has its perils along with the promises. But nobody loves passwords.