Google will begin testing an alternative to passwords next month, in a move that could do away with complicated logins for good.
The new feature, introduced to developers at the company’s I/O conference, is called the Trust API, and will initially be tested with “several very large financial institutions” in June, according to Google’s Daniel Kaufman.
Kaufman is the head of Google’s Advanced Technology and Projects group, where the Trust API was first created under the codename Project Abacus. Introduced last year, Abacus aims to kill passwords not through one super-secure replacement, but by mixing together multiple weaker indicators into one solid piece of evidence that you are who you say you are.
Among the pieces of evidence that Google suggests the Trust API could use are some obvious biometric indicators, such as your face shape and voice pattern, as well as some less obvious ones: how you move, how you type and how you swipe on the screen. With the service continually running in the background of the phone, it can keep track of whether those indicators match how it knows you use your phone.
Individually, it would be ludicrous to use any of those methods to secure web services. Even facial recognition, now built in to many Android phones, is significantly less secure than a fingerprint scanner, according to Google’s own metrics. But combining them can, the company suggests, result in something more than 10 times as secure as a fingerprint.
This year, Google showed how Trust API has built on the Project Abacus base. The service will be open to third parties, allowing other organisations to very your identity through the API. Initially, banks will use it to verify customers logging in through Android, but “by the end of the year”, it should be available to every developer.