Google Rolls Out Password-Free Logins for Android Users

Google Rolls Out Password-Free Logins for Android Users

Throughout all of modern computing history, passwords have been the primary method of securing data. The problems with passwords are numerous, but things are slowly changing with biometrics, hardware security keys, and so on. Google is leveraging several new technologies to make one of its sites password-free, but only for Android users.

Google says it has automated protections that prevent unauthorized individuals from accessing user account, but no system built on passwords is perfect. You’ll never convince everyone to use strong passwords, and some of those who do will have to write them on post-it notes. For the first time, you won’t need to use a password to access your Google account data. However, that’s only true for one service and select Android phones right now.

Starting today, you can go to Google’s password manager site on your smartphone and log in with a tap. The password manager site gives you access to all the account credentials saved in Chrome and Android autofill. So, it’s a wealth of high-value data that could potentially allow an attacker to compromise many of a victim’s accounts. Instead of using a password to log in, you can use the secure unlock method on your phone — for example, your fingerprint. Tap the sensor to verify your identity, and you’re in.

The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.
The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.

Google doesn’t have fingerprint data on its servers — that stays locally on your phone. That’s also a fundamental part of the FIDO2 design spearheaded by Google and others. Google registers a platform-bound FIDO credential on your phone that serves to verify your identity not unlike a hardware security key. When you visit the Google password manager, the site uses a WebAuthn “Get” call to retrieve the stored credential. That works as a FIDO2 signature to verify your identity.

Currently, this feature only works on the aforementioned Google password manager site. You’ll also need a Pixel phone. The feature will roll out to all Android phones running version 7 (Nougat) or higher. Since this feature is plugged into the Android secure unlock feature, it should automatically work with any future secure unlock methods. For example, the advanced face unlock capability coming to the Pixel 4. Current Android phones with face unlock won’t count as a secure unlock method for the purposes of Google’s new login feature.

Continue reading

Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon
Samsung Starts Rolling Out Galaxy S20 Android 11 Update on Verizon

Not only does this include the Googley Android 11 enhancements, but it also has numerous Samsung-specific changes as part of the One UI 3.0 revamp.

Seagate Announces Its Own RISC-V Cores for Future Storage Controllers
Seagate Announces Its Own RISC-V Cores for Future Storage Controllers

To hit its 50TB per-drive target over the next few years, Seagate decided it needed a custom storage controller. RISC-V offered a solution.

Microsoft Denies Cutting Secret Deal With Duracell Over Xbox Controllers
Microsoft Denies Cutting Secret Deal With Duracell Over Xbox Controllers

Despite earlier rumors, there is no secret deal between Microsoft and Duracell to keep the Xbox controller using old AA technology.

PlayStation 5 Controllers are Suffering from Drift
PlayStation 5 Controllers are Suffering from Drift

Nintendo may have company in the unreliable controller market, though gamers aren’t going to be pleased with this particular method of feature-matching. Instead of, say, a PlayStation 5 you fold up and carry in your pocket without setting your pants on fire, the PlayStation 5 DualSense controller is apparently suffering from drift.The DualSense controller has…