Conventional passwords might soon be a thing of the past, or at least on devices running Android. Google announced at I/O last week that it’s pushing ahead with plans to replace passwords with “trust scores” that incorporate various data points about users to determine whether or not they’re legitimate. Its Trust API is the result of its year’s-worth of password work, and it’s rolling out to “several very large” financial institutions in the coming weeks.
“Assuming it goes well, this should become available to every Android developer around the world by the end of the year,” Dan Kaufman, head of ATAP at Google, said at I/O.
The trust score is based off various user-specific data points, including current location, facial recognition, and typing patterns. Certain apps could require different scores. A banking app might want a higher trust score than Instagram requires, for instance. The Trust API always runs in the background of users’ devices, monitoring its sensors and information to so that it can provide apps with the current trust score — basically its confidence level that you are who you say you are.
“We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password? I should just be able to work,” Kaufman said.
Although the API’s release is contingent upon a successful trial with banks, this appears to be promising research, especially considering how terrible traditional passwords are, even when they’re coupled with two-factor authentication.