At Google’s I/O developer conference, Daniel Kaufman, head of Google’s advanced technology projects, announced that the company plans to phase out password access to its Android mobile platform in favour of a trust score by 2017. This would be based on a suite of identifiers: what Wi-Fi network and Bluetooth devices you’re connected to and your location, along with biometrics, including your typing speed, voice and face. The phone’s sensors will harvest this data continuously to keep a running tally on how much it trusts that the user is you. A low score will suffice for opening a gaming app. But a banking app will require more trust. It’s part of a trend trying to build security and privacy into design, instead of making it the responsibility of the user, a way of doing things that long ago became untenable. Partly as a result of this, people stubbornly refuse to budge from old faithfuls like 12345 – even in an age of seemingly never-ending password leaks and hacks. Last week Microsoft banned the most commonly used passwords including password, 12345, and qwerty across several of its services including Skype and Outlook. Google hinted that it would be collaborating with major banks, but banks have begun to look into this independently. Many banks are already authenticating transactions based on a suite of background information. Especially interesting are behavioural biometrics like keystroke recognition, in which some banks have already shown an interest, because behavioural biometrics have higher recognition rates and are more accurate than classic biological markers. https://www.newscientist.com/articl...place-smartphone-passwords-with-trust-scores/ I'd rather have my password, thank you.
