Google may abandon passwords for 'trust score'


#1

[Read the post]


#2

Except that the police can’t make you put in a password without a court order, but they can use your biometrics, location, etc.


#3

Snapchat: “Please a take a pic of your dick so we can confirm it’s really you.”


#4

Yeah, I don’t like this as the only way to log in. I don’t want to give Google my biometrics or my location (what if I’m traveling?), and what if I want to log in using a new device or a trusted third party’s device (i.e., spouse’s smartphone)?


#5


#6

This is a fucking garbage idea.


#7


#8

It has pretty good potential, I think, but “this year” seems premature.


#9

If you have a process running continuously on the device to evaluate trust, that process itself should be able to obtain a hardware id unique to the device, and that’s the real trust id. The device is the key. The typing speed and camera should just be used to confirm that the device isn’t likely stolen.


#10

The old adage is:

  1. Something you know
  2. Something you have
  3. Something you are

I can see where some of these indicators Google mentioned could be useful, but guess what happens the first time I get locked out of my bank because I travelled?

Besides, I’ve worked with enough anti fraud systems to know how… emergent… this technique is. The phrase, “well, we didnt think that would happen” is muttered with alarming frequency.


#11

As my wife just pointed out, what happens when you’re sick or injured, the phone has been shaken around in an unusual pattern because of a fall or accident, and your hands are shaking?

The first time someone gets locked out of calling for help because their phone doesn’t believe they’re authorized, Google will have a new significant shareholder.


#12

No problem, you just sign up for a new account as you no longer have access to your old ones.

I know people who currently can’t reliably login to google accounts with a password already because google doesn’t trust the login locations or ISP. Just moving to a new part of town was sufficient to lock them out.

Have a problem with that, well, you no longer have and account/voice to complain with.

As for not letting google have your biometrics or location, your pretty much going to have to not use google in the first place, else they have them if the device can possibly give it to them.


#13

Having had this happen, you are leaving out the next step: you reset your password and then gain access to your account again.

I know it ruins your story you built up, so very sorry about that.


#14

Well, I use gmail everyday and I haven’t been locked out. I use the same device and have push notifications, but my location is always turned off.

I got the impression from @xeni’s post that this wasn’t in stone…yet.


#15

When you’re traveling or something and they decide you’re not you, is there going to be a quick and easy way to get the problem resolved? (HINT: The answer is no.)

You can already now get locked out of all the major email providers traveling abroad if you don’t have cell phone service. Being you and knowing your own password is no longer sufficient. Kind of defeats the original purpose for why I switched to web-based email to begin with.


#16

Self driving cars?! That’s crazy talk!


#17

Kind of like now how if you enable two factor authentication there are no backup / alternative authentication options that you can use in case your normal second factor is unavailable. Oh wait, that isn’t the case at all, and you can use SMS, an authenticator app on your phone (which does not require network access), a hardware token, or backup codes that you print and store in your wallet or a safe location.


#18

My phone can’t even recognize what I’m trying to type half the time. So why should I trust it to recognize me by location or habits? Especially if I’ve gotten lost driving (which by definition means i’m in a new and unusual location) and am trying to use Google Maps to get home?

Yes, it’s a stupid idea and I hope they never implement it.


#19

I was about to write a much longer post to say this exact same thing. Can I get a job at Google? At least my bad ideas aren’t that bad.


#20

might sound good on paper but we don’t use paper do we