Google Rolls Out Password-Free Logins for Android Users

Google Rolls Out Password-Free Logins for Android Users

Throughout all of modern computing history, passwords have been the primary method of securing data. The problems with passwords are numerous, but things are slowly changing with biometrics, hardware security keys, and so on. Google is leveraging several new technologies to make one of its sites password-free, but only for Android users.

Google says it has automated protections that prevent unauthorized individuals from accessing user account, but no system built on passwords is perfect. You’ll never convince everyone to use strong passwords, and some of those who do will have to write them on post-it notes. For the first time, you won’t need to use a password to access your Google account data. However, that’s only true for one service and select Android phones right now.

Starting today, you can go to Google’s password manager site on your smartphone and log in with a tap. The password manager site gives you access to all the account credentials saved in Chrome and Android autofill. So, it’s a wealth of high-value data that could potentially allow an attacker to compromise many of a victim’s accounts. Instead of using a password to log in, you can use the secure unlock method on your phone — for example, your fingerprint. Tap the sensor to verify your identity, and you’re in.

The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.
The Pixel 4’s face unlock should work with this feature at launch, but current face unlock methods aren’t secure enough.

Google doesn’t have fingerprint data on its servers — that stays locally on your phone. That’s also a fundamental part of the FIDO2 design spearheaded by Google and others. Google registers a platform-bound FIDO credential on your phone that serves to verify your identity not unlike a hardware security key. When you visit the Google password manager, the site uses a WebAuthn “Get” call to retrieve the stored credential. That works as a FIDO2 signature to verify your identity.

Currently, this feature only works on the aforementioned Google password manager site. You’ll also need a Pixel phone. The feature will roll out to all Android phones running version 7 (Nougat) or higher. Since this feature is plugged into the Android secure unlock feature, it should automatically work with any future secure unlock methods. For example, the advanced face unlock capability coming to the Pixel 4. Current Android phones with face unlock won’t count as a secure unlock method for the purposes of Google’s new login feature.

Continue reading

Massachusetts Passes Robust Automotive Right-to-Repair Law
Massachusetts Passes Robust Automotive Right-to-Repair Law

Right to repair advocates scored a major victory this week with the passage of Question 1 in Massachusetts. Hailed as the most advanced right to repair law in the land, Question 1 requires that automakers create an open data platform for sharing diagnostic and repair information with independent shops and vehicle owners.

Sony May Let Users Move Games Off PS5, Xbox Series X SSD Is User-Replaceable
Sony May Let Users Move Games Off PS5, Xbox Series X SSD Is User-Replaceable

Microsoft is using a user-replaceable SSD for the Xbox Series X, while Sony is researching PS5 game transfers.

Xbox Series X Launch Is Microsoft’s Biggest Ever, Causes ISP Traffic Spike
Xbox Series X Launch Is Microsoft’s Biggest Ever, Causes ISP Traffic Spike

Microsoft claims the Xbox Series X is its most successful debut in history and specifically calls out the Xbox Series S for bringing new players into the fold.

How Does Windows Use Multiple CPU Cores?
How Does Windows Use Multiple CPU Cores?

We take multi-core awareness for granted these days, but how do the CPU and operating system communicate with each other in the first place?