Question
How did it get to April 1st so quickly? I assume this is a wind-up?
Google is planning to use “trust scores” to kill off traditional passwords on Android. The internet giant wants to get rid of password logins, at least for Android apps, by 2017. Google outlined its plans at its I/O conference last week. Google's Trust API technology would use a variety of metrics to create a trust score. …
"Factors such as typing speed, vocal inflexions, facial recognition and proximity to familiar Bluetooth devices and Wi-Fi hotspots would be used to calculate the score"
So, for this to work, some or all of these factors have to be enabled. Naturally the increasing data slurp is just a coincidence...
Still wondering how that will work since I generally don't use bluetooth, have the camera off or obscured (or broken, but that was an accident), and often turn the wifi off when not using it. The GPS isn't on either, and I don't type that much that often to allow for sampling that.
Perhaps my phone will decide I don't exist.
Not everybody sees Technology as a god to be worshipped at every opportunity. Technology is an enabler, not the result.
You do know there is a real world beyond the edge of your screen, yes? Maybe 'Golden Age' rather than Stone Age - the Golden Age where people actually spoke to other real, live people and not just tapped a keypad in some filthy little bedsit somewhere (see, I can generalise and be rude too. But I'm not hiding behind the Anonymous Coward shield...).
Given the choice between the chance that some scumbag might bother trying to crack my password or allowing Google to force me to tell them where I am and what I'm doing all the time, I will stick with the password every gorram time.
@Not Bob
Nailed it.
Currently looking at "feature" phones/developing a deep understanding of AOSP* so that I can deliberately facilitate your last sentence for myself. It does merit consideration if this is a good idea in the long run however (data-boot proximity to facial regions being eternal and all...)
*That makefile is pretty intimidating for a n00b.
>Perhaps my phone will decide I don't exist
Even if it admits to your existence, what precisely is the point of a mobile device that checks you're in a familiar location? I have proper computers in the places I find myself most frequently: Android is for the random places the Cat 5 doesn't stretch.
Add me to that list.
I keep my phone in Ultra power saving mode 98% of the time because, hey, it's a phone and that's what it works as in that mode.
The only time I take it out of that mode is when I'm using it as a music player in my car.
And all that music is on the MicroSD chip inside the phone.
I'd add the music player to the apps that are allowed to be on in power saving mode, but there doesn't appear to be any way to do that. It's one of the apps that Google has decided, in their "wisdom", needs internet access even though I never download music to the phone from the internet. I purchased the CDs instead.
I am still living in my motorhome, travelling around the UK.
The wifi hotspots vary wildly day to day. And depending which dongle I have running at any one time due to monthly data limits, all of the wifi I see today may be utterly different to what I see tomorrow.
This won't work here for sure.
Exactly my thoughts.
"We see you are not using your mobile Banking App for YXZ Bank. Perhaps a new account at ABC Bank would be of interest to you?"
Personally, what apps/web-pages I access etc I run on MY device is of no business to the likes of Google.
IMHO this is just to get even more interesting facts on their userbase so that they can monetize it (and you for that matter).
Biometric authentication.....blah blah data mining....blah blah advertising.......blah blah monitoring...............oh............yes.............wait.............it does some security stuff too.
Nice to see my rather jaundiced opinion of Google's real priorities reinforced.
Before you all go mad, just remember, if you're bothered I am sure there will be a way to use higher security.
I don't really see how this gets rid of passwords though? Surely it is just a better lock screen.
I think it's a good idea, currently I have my phone unlocked longer than I really should security wise. I have Google Authenticator on it and Android Pay which I really wouldn't want anyone using for nefarious reasons. So it's slightly better than no security.
@ Peter 26
Before you all go mad, [...]
Too late, the predictable knee-jerk ranting has begun.
Personally, if my phone can reliably determine that I'm me without me having to faff about entering passwords, I'm all for it. Whether the technology ends up being up to snuff is another matter, but I'll hold fire until I know more about how and how well it actually works (crazy, huh).
I used to find the comments on The Register to be highly entertaining and or insightful.
Seems to have regressed to a state of mostly unintelligible criticisms of technological progress.
But but what If I don't have bluetooth? What if I'm in a foreign country? What if I lose my thumb and can't use my thumbprint scanner? What if I have a face transplant and it doesn't recognise me? What if I want to set a password?
I wouldn't even mind but it's almost always said by people who massively overestimate their own knowledge and experience. Presumably earned from years supporting users.
"I wouldn't even mind but it's almost always said by people who massively overestimate their own knowledge and experience. Presumably earned from years supporting users."
@Zilla ! Oh thank you. That is the perfect description of a lot of people. And not necessarily from the tech sphere. After interacting with a few dozen 'normal' people in a day, most everyone comes away with undeservingly inflated egos.
@Zilla - that depends on your definition of progress, now, doesn't it? If your definition of progress is every last little new thing that Google flings at you, then yes, I'm amongst the cave-dwellers, as I prefer to use my critical faculties to decide whether what companies want me to use is up to scratch or not.
If, however, your definition of progress is the introduction of new technologies that are likely to work well and make life better, then I'm not a cave-dweller - but I will say no to stuff that's thrown our way that has clear drawbacks and possible dire consequences if/when it fails.
For me though, the point of failure is Android itself. No, actually, cancel that; it's the modern 'smartphone', but Android just appears to be the worst (due to insecurity) of the OS's on offer.
Personally, I've no intention of paying desktop PC prices for something insecure which I've little control over that's sold filled with crapware I've no interest in, and which can't be removed. Hence no smartphones for me. A dumb phone plus a Psion II would suit my needs far better than any current smartphone (and would probably be cheaper too, if they still made P-II's).
I have no issue with technological progress where it improves my life and is not intended solely to allow Google or any other money-grabbing bunch of snooping businessmen to spy on me.
I value my privacy and do not want to walk through some shopping mall where all the adverts address me by name and base what they show on the websites I visit (how many flight simulator programs are there for PCs now, and what the hell would they show me based on the content on El Reg??).
Zilla, did it ever occur to you that it's because some people have supported users for years that they no longer think technology is such a great idea? What happens if someone takes over at (insert supplier name here) and tells you they want you to give them half your yearly earnings or they cut your services off? What are you going to do when you suffer a power cut and you can't speak to anyone or go anywhere cos your fantastic robohome has gone into secure lockdown mode until the power comes back?
Perhaps you would share your own knowledge and experience so we can see how massively we have overestimated our own...?
Personally, if my phone can reliably determine that I'm me without me having to faff about entering passwords
Problem 1: it's not your phone. You have bought permission to use the device at the discretion of Google/device manufacturer.
Problem 2: It's not the phone that is determining it's you. The authentication will be performed in some anonymous data centre using data which is out of your direct control.
"I don't really see how this gets rid of passwords though? Surely it is just a better lock screen."
They cease to be necessary because your phone will use its own 'awareness' to determine who's using it and allow only you to access your stuff. No need to provide a password, which exists purely for the exact same purpose.
So, say you want to access your mobile banking app. The phone checks a variety of things to make an assessment of whether it believes you are you. If it's convinced enough that you are, it lets you access your account. If not, it says 'no, I don't think you're you, sorry' and just gives you access to non-harmful stuff like Angry Birds.
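The per-app gating described in the comment above, written out as an added example (Python, not Google's Trust API and not code from the article). Every signal name, weight and threshold here is an assumption made up for illustration; the point it shows is that unavailable signals (Bluetooth off, camera covered) simply contribute nothing, that the score is compared against a threshold each app declares, that a below-threshold score has to fall back to an explicit password check rather than to nothing, and that the app with the lowest threshold is the first foothold on the device.

```python
"""
Illustrative trust-score gate. A handful of weighted signals produce a
score in [0, 1]; each app declares the minimum score it needs; anything
below that falls back to a password check. All names, weights and
thresholds are constructed for the example, not taken from any product.
"""
from dataclasses import dataclass
from typing import Optional
import hashlib
import hmac
import os

# Constructed signal catalogue: name -> weight (weights sum to 1.0).
SIGNAL_WEIGHTS = {
    "face_match":      0.35,
    "voice_match":     0.20,
    "typing_cadence":  0.15,
    "known_bluetooth": 0.15,
    "known_wifi":      0.15,
}

# Constructed per-app policy: the minimum trust score each app demands.
APP_THRESHOLDS = {
    "angry_birds": 0.0,    # low-risk: runs even with no signals at all
    "email":       0.5,
    "banking":     0.85,
}

PBKDF2_ITERATIONS = 100_000


def trust_score(signals: dict) -> float:
    """signals maps a signal name to a confidence in [0, 1], or None
    when the sensor is off or covered. Missing signals add nothing;
    they are not treated as evidence either way."""
    total = 0.0
    for name, weight in SIGNAL_WEIGHTS.items():
        value = signals.get(name)
        if value is None:
            continue
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} confidence out of range: {value}")
        total += weight * value
    return round(total, 4)


@dataclass
class PasswordVerifier:
    """Salted PBKDF2 fallback so the score is never the only gate."""
    salt: bytes
    digest: bytes

    @classmethod
    def from_password(cls, password: str) -> "PasswordVerifier":
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                     PBKDF2_ITERATIONS)
        return cls(salt, digest)

    def check(self, candidate: str) -> bool:
        candidate_digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                               self.salt, PBKDF2_ITERATIONS)
        # Constant-time comparison: never compare password hashes with ==.
        return hmac.compare_digest(self.digest, candidate_digest)


def gate(app: str, signals: dict, verifier: PasswordVerifier,
         password: Optional[str] = None) -> str:
    """Returns 'allow', 'allow_after_password' or 'deny' for one app."""
    score = trust_score(signals)
    if score >= APP_THRESHOLDS[app]:
        return "allow"
    if password is not None and verifier.check(password):
        return "allow_after_password"
    return "deny"


def weakest_link(thresholds: dict = APP_THRESHOLDS) -> str:
    """The app with the lowest threshold is the one an attacker reaches
    first; any privilege escalation from there starts at that level."""
    return min(thresholds, key=thresholds.get)


if __name__ == "__main__":
    verifier = PasswordVerifier.from_password("correct horse battery staple")
    # Constructed 'at home, camera uncovered, voice not sampled' reading.
    at_home = {"face_match": 0.9, "voice_match": None, "typing_cadence": 0.8,
               "known_bluetooth": 1.0, "known_wifi": 1.0}
    for app in APP_THRESHOLDS:
        print(app, gate(app, at_home, verifier))
    print("weakest app:", weakest_link())
```

The `weakest_link` helper is the one-line version of the "device is only as secure as the lowest-threshold app" point raised later in the thread; the rest of the block exists to make the fallback path explicit, because a score below threshold with no password path is a lockout, not a security control.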
I'm willing to bet the first thing this does is renders all Android phones (Aside from 2-3 £800 flagship models) unusable.
Google email throws a hissy-fit every time it thinks I'm in a different location. And if it demands a password then it defeats the whole "extra convenience" this idea is supposed to provide. And that makes the situation even worse, because it's now demanding that you remember a password you have not used in six months.
Just as it would work for people who have an elastoplast on the thumb they use for their fingerprint scanner - they enter their passphrase instead.
There is even precedent - it is not unknown for a card issuer to telephone a card holder if the card is used in unusual circumstances, to request further authentication beyond the card and PIN themselves.
(Though of course you should not give any information in those circumstances, but instead ring off, ring a trusted party such as a friend, ring off and then ring the number on your card or bank statement. The idea of ringing a friend is to make sure that any would-be spoofer hasn't kept your line busy - this has been known to happen on UK landlines, I don't know if it applies to mobile phones.)
How is this going to work for business travelers, who may need urgent access to their accounts in the event of travel plans getting screwed up?
Just do what my friends do and email all your contacts to explain the situation and ask them to wire some funds via Western Union. I never seem to get much thanks though.
Um, you can't get access to your phone, because it doesn't think it's you, because you are in 'foreign'. So you better hope there is one of those old-fashioned internet cafes nearby, or you're boned.
This 'idea' has Catch 22 written all over it. I especially loved the part from the quoted 'expert': "gaining data and insight about their customers," Yep, that's what it's all about alright.
Just how much utter crap apparently intelligent people can spout or even think of.
This is how-long-is-a-piece-of-string security, so not so much security as an excuse to suck more data about you.
Currently most of the criteria the article talks about are unavailable from my phone by my choice.
"Hollywood movies messed up everyone's expectations in this regard."
Nonsense. If anything, the historical documents movies have taught us that the only absolutely reliable way to confirm a questionable identity is by kissing. I anxiously await the day when machines get equipped with _all_ the appropriate hardware interfaces for a thoroughly exhaustive identification of that nature - I insist on securing my bed to the highest standard...
But for many people that's ALL THEY HAVE. So they're all you have to work with. If you say that's not acceptable, then you're saying these people CAN'T be secure and that they're a lost cause. Sounds like you need another idea that doesn't rely on memories or things that may not be present.
"As for revocability, thanks but no. Up to me."
That latter is exactly what it does mean. As in "You should be able to revoke the current authentication and replace it with another." i.e. changing your password.
What it doesn't mean is someone else can do it for you, which is what I think you took it to mean..
There you are, finally got your smarter-than-is-good-for-you phone out of your pocket with your non-broken arm and the thing doesn't recognise your slur, bloated face and bloodshot eyes. However, you can still play Candy Crush while bleeding to death... hooray!
How will the phone know the difference between being in a car crash and being dropped? The G force would be similar. If it is tracking your instantaneous speed that's a pretty small line between "rear ended another car while going 30 mph" and "slammed on my brakes at 30 mph to avoid hitting another car".
If I'm holding my phone in the passenger seat and the driver slams on the brakes, if I'm not holding the phone tightly enough it might fly forward and hit the windshield. Sure don't want it calling 911 because it thinks I was in an accident. The phone simply doesn't have enough information to do this reliably, and would waste the time of emergency services.
Relax, citizen. Your phone has been in contact with your car's network and knows the airbags have deployed. The emergency services and the police have already been notified. Do not concern yourself with practical matters now, there's no need - detailed video, driver input and instrumentation data of the last minute preceding the crash is already being reviewed by your insurance company. Cars approaching your contorted wreck are automatically warned to avoid you. Based on the slowing pulse detected by your fitness clock/bracelet you're not long for this world, so right now your phone is tactfully inquiring whether you'd like it to call a loved one...
downvoting all the negative comments. This little observation leads me to the following question:
Yo, Google! How many social media trolls do you employ as media analysts?
Biometric Trust Score for unlocking your mobile phone/device/gizmo has got to be one of the dumbest ideas I've ever heard. Who's going to write that software? The same people who wrote Stagefright? Stagefright is the gift that keeps on giving. It still hasn't been fully mitigated.
Just sayin'.
Says Richard Lack (I would hold this up as a case of nominative determinism and upon careful consideration of his comments, I will), “The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security...” which really means they want technology that is sophisticated enough to be magic. Consumers want to be able to have their phones, financials and abodes only open to themselves and those they allow without having to do anything or know anything. That last might make a good metric of customer acceptance. If you would trust access to your house to a given technology after being made to understand the risks, benefits and operation, then it is probably OK to use to protect access to your phone which in turn allows access to your bank, credit cards, et cetera.
Mr Lack goes on to say, “Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario...” No, these are arguably mutually exclusive as the idea here is to allow the businesses in question to gather consumers' biometrics rather than to have a third party provider authenticate your identity based on your biometrics. A big win for big business, but not so much for individuals.
"which really means they want technology that is sophisticated enough to be magic. consumers want to be able to have their phones, financials and abodes only open to themselves and those they allow without having to do anything or know anything. That last might make a good metric of customer acceptance."
That's pretty much what they want because for many people what they ARE is ALL THEY HAVE. They have poor memories so don't KNOW anything and all they HAVE is the phone so they don't have anything else to authenticate with.
Lets see.
Selfie camera - never used, generic protective case (not phone specific as from an old defunct phone, so not a perfect fit for current one but does job of protection) obscures the selfie lens anyway. So not explicitly disabled but useless.
Bluetooth - off as never use it
Wifi off - use phone data, do not want to have phone jump on dodgy wifi and be subject to MITM attacks etc.
Location - off (may be transiently turned on for occasional specific reasons e.g. if out in middle of nowhere and want to get accurate coordinates to record position of something interesting e.g. a protected orchid species worth notifying the appropriate people about )
So, they would be struggling to get any useful data, beyond typing speed to prove the phone user.
Not that typing speed would be massively reliable; in the UK, using the phone out and about, my typing speed varies a lot, e.g. in cold winter with gloves on (you can get gloves that allow phone use) typing is a lot slower / more error prone. In rainy weather, typing is more erratic as rain often gets on the screen & screws up typing. My typing style is probably only reliable if indoors, and even then not if I'm distracted by chatting to someone whilst typing.
have *actually* worked with anything other than username/password security ? Because there seems to be a lot of (being charitable) ignorant nonsense being spouted.
First off, as an enthusiastic user of Google Authenticator (other 2FA solutions exist) I know immediately that losing my 2FA device (in this case my phone) isn't the end of the world, as Google allows you to pre-seed a set of 10 keys for such occasions.
Similarly, when my 2FA key for work got broken (it's all very well them being supplied as "keys" but with the punishment most sets of keys get, failure is inevitable) it was the work of a phone call to have my account temporarily "de-2FAd" until they got a new one to me.
For the supposed brightest and best of the IT world, a lot of commentards aren't half grumpy old sods.
If you start (as I do) from the premise that the "classic" username+password authentication paradigm is broken, then you have to accept we need something new. It may - or may not - be what Google are cooking up. But at least they're trying.
It's not just me that has decided classic authentication is broken, btw. Most UK banks do. Hence 2FA card readers.
Incidentally, it seems Google are trying to clarify situations where *identification* is separate to *authentication*.
"For the supposed brightest and best of the IT world, a lot of commentards aren't half grumpy old sods."
I have never been among the brightest and best of the IT world, though I am a grumpy old sod.
But even I can see that a company full of PhDs may possibly have engaged a little more in the way of brain cells in the matter than people posting after a few minutes of consideration. Which is why my own instinctive reaction is "there could be problems with this but let's see how it works out in practice."
If you start (as I do) from the premise that the "classic" username+password authentication paradigm is broken, then you have to accept we need something new.
It is, but that's an argument for 2FA, not for some mumbo jumbo voodoo crap replacing the password. There's already a workable solution for higher end smartphones: the fingerprint reader. And I still get the ability to use the password if I need to.
Biometrics have 2 serious drawbacks
1) They are easily defeated. Pictures can defeat face recognition, recordings can defeat voice recognition, images can defeat fingerprint recognition. It is not so hard to take a picture of someone else and be them.
2) If you suspect your security has been compromised, you cannot change your face / voice / fingerprint.
Passwords however cannot be forcibly extracted from your brain by any means short of torture. They are easily changed if you suspect a breach.
Based on this I would say that the password paradigm is not broken. This does not mean passwords are perfect. Users pick stupid passwords, fall victim to phishing attacks etc. 2FA can help mitigate that risk to some extent, particularly for high value systems such as online banking. But 'something you know' is likely to remain the strongest element of any 2FA system. I for one am not ready to give up my password.
The reason there is much interest in the industry is not because of improved security. But because it is something new and flashy that encourage users to replace kit and hence improve the market share of the company selling it. It may well be that the marketing departments try to sell it as 'better security '. But that would only be true for those users who use pas55w0rd everywhere and write that down on a post it note in case they forget. For those of us even remotely security aware, GOOD passwords are still the cornerstone for keeping the bad guys out.
"Passwords however cannot be forcibly extracted from your brain by any means short of torture. They are easily changed if you suspect a breach."
Unless you're TRICKED, and the trickster changes the password ahead of you to block you regaining control...
"But 'something you know' is likely to remain the strongest element of any 2FA system. I for one am not ready to give up my password."
But what about all those people with bad memories for whom "something they KNOW" is likely not an option? That's the big bug-a-boo about passwords: it relies on something that for many people is very finicky and at plenty of times may not be reliable enough.
Preferred by consumers certainly, but is this preferred by identity theft victims?
Let's put this technology on the front door of your house, and more to the point, do so without your authorization or input or with any regard to what you may think. So now, depending on how fast someone may type, what they look like, what their voice sounds like, your front door may accidentally determine some drunk bloke careening down the lane is authorized to come ramble around your flat at 2 am on Tuesday. Irrespective of what keys may reside on whoever's keychain.
Surprise!
"someone who could be a person's identical twin down to voice, speech, and motion mannerisms can pass for you on a given night?"
It all depends on how tight are the tolerances for the biometric measurements. My bet is that said tolerances won't be tight at all, due to things like ambient noise, variable light levels & light colour, hairdos and dyes, glasses and sunshades, ...
If that's the case, probably any chap superficially resembling you and able to modulate his voice to more or less sound like yours may be able to unlock your phone.
Except for the facial recognition part, how would the following, very unlikely (not) scenario play out?
Your phone is there, sitting on the coffee table at home. So it is near all the Wifi, Bluetooth whatevers you have. It is connected to a known network, of course. Location says it is home, obviously.
Then your 6-year old comes along and decides to play with your phone... What could go wrong?
Or worse, someone mad at you comes along and finds the phone... With malicious intent. Could a photograph of you fool the facial recognition, by the way, or is that already solved?
Would the typing pattern criterion take care of this? How? Would we have to provide typing samples every time to authenticate? Sounds very practical (not).
Edit: forgot about the voice recognition thing, too. So this scheme would have to use everything to be secure? Well, we'll see how this works in real life (because in marketing land it will always be rainbows and unicorns).
That's what Google has on my personal trust score rating. I'm quite happy for them to share the same sentiment about me. Call me old fashioned, but convenience is not more important than security/privacy. I'll choose complex passwords or (better) multi-factor authentication over biometric and telemetry slurp any time, thank you.
That isn't questioning the integrity of the trust score, it's saying privilege escalation vulnerabilities are a possibility and if they exist, the device is only as secure as the weakest app (the app with the lowest required trust score).
Once access to that app has been gained, privilege escalation could be used to gain access to sensitive enough areas to disable the protection on the higher trust score apps.
The internet giant wants to get rid of password logins...
Games and basic tools would be run even if only a low trust score was achieved
Can't people see their masterplan is to de-personalise your mobile device and transition to Android-in-the-cloud? They want you to be able to use any Android device to log-in to your Android-cloud session with private cloud apps tied to your ID, but local device Apps shared to anyone. The strategy is to bind users to Android so it becomes socially-awkward to switch to a different platform, particularly one with better security.
http://www.rte.ie/news/2016/0524/790608-terms-and-conditions-readathon/
"A Norwegian consumer group has begun a marathon live "readathon" in an attempt to highlight the unrealistically lengthy terms of service and privacy policies that people must sign up to when using apps on an average smartphone. The current state of terms and conditions for digital services is bordering on the absurd,"
"over the past two decades the world has been innovating less"
http://www.bbc.co.uk/news/36342723
You can believe that or you can listen to some corporate lackey (Lack??? 'Even your name is a dime-store joke')... The type who's always claiming we want more of this... If this is the future then get me off this f'ing planet...
“The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security,” Lack commented. “Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”
The article runs that phrase as its byline.
But what exactly does it mean?
Someone tricks me into installing an app that somehow manages to escalate its privilege level and then when that someone "borrows" my phone the app will let him/her gain access to everything?
How is that any different from the system in place now? Once you have installed malware all bets are off, regardless of you locking the front door or not. The two are hardly related.
Or is the thinking here that through some secret menu the guest user will be able to unlock everything?
"Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security"
...if you find you've been hacked, you can change your passwords. You cannot change your fingerprints + eye colour.
http://www.theregister.co.uk/2014/09/23/iphone_6_still_vulnerable_to_touchid_fingerprint_hack/
I also don't imagine it's too hard to trick a device into doing things via a remote malware-installed connection, while the device thinks it's in 'trusted' surroundings.
Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security
1st, increase registration.
2nd Gain Data
3rd Track usage
4th Oh yeah, security.
What a bunch of horse shit.
Not to mention, here in the US your biometrics can be subpoenaed by court order to make you unlock your phone. Your PIN, however, is exempt.
Authentication is a concern of ordinary people these days, and passwords don't work, as every single unauthorised data release of password choices demonstrates.
Those of us with painstakingly-thought-through password strategies are pretty irrelevant. We're the tiny minority. And we're probably even the minority of IT people in charge of systems that are supposedly 'secure', given some of the hilarious failures in IT departments of well known brands over the years.
So downvote all you like. Passwords had their chance, and they failed.
I am using my phone and it is sure I am me. I put it down for a minute and go the bathroom. Someone else picks it up. How can it recalculate a trust score based on stuff like typing speed etc. immediately after someone else has grabbed it. Unless they point the camera towards their face, how is it going to know it wasn't me picking it up again.
This is stupid, Google is just looking for an excuse to collect ever more invasive data on you. Glad I won't have to deal with this latest data grab!
If you have to do the normal unlock stuff to unlock it, what's the point of this? Is it to figure out if someone else is handling your phone after you already unlocked it? Unless you leave it laying around all the time, generally when someone else is handling your phone it is because you want them to look at something, it would be counterproductive if it decided to switch off because it figured that out.
Still think the idea is stupid, and even stupider if the normal methods of unlocking are still required. I thought the whole point was that this would bypass the need for stuff like passwords, fingerprints, etc. If not, then what good is it? (Not that it is going to be all that good at the other, either)
“The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security,” Lack commented.
s/b
“The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security lack", he commented.
?
Was using HTC smartphones for a decade but they both died (XDA IIs / XDA IIi thank you for your loyal service)...
Now I've gone back in time and am using two very simple phones, just Samsung GT E1200, (like something from a decade ago).
I 'do' internet via desktop Linux only.
The risk / reward otherwise just isn't worth it... Plus when you don't share airwaves you don't have a watered down 'limited unlimited' connection. Bad deal for users, great deal for telcos!
Android already lets me set up safe zones using location or proximity information so I don't have to put my unlock password in while connected to my car's bluetooth, or my home's wifi. This seems like an extension of that thought process.
I am just glad I don't work on a telco helpdesk. You can't log in Sir? Please take off your sunglasses so the phone can get a good look at you. No.. ok, are you swiping through the menus faster than normal? Well you can't do that, yes I know it's hard when you're frustrated but you have to calm down or the phone won't recognise you..
False acceptance must be zero or very close to zero. Then false rejection necessarily occurs. Falsely rejected users must be rescued somehow. In cyber space, the users have to rescue themselves if they are not ready to accept the denial of access. They need a password for fallback. Passwords will never be allowed to go away.
The following video explains how biometrics with a fallback password makes a backdoor to password-protected information.
https://youtu.be/5e2oHZccMe4
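The false-acceptance / false-rejection trade-off the comment above describes, worked through as an added example (Python; this is not the poster's material and not from the linked video). The genuine-user and impostor score samples are constructed integer percentages chosen so the numbers come out cleanly; the sweep finds the strictest threshold at which no impostor is accepted, reports how many genuine users that rejects (the people who then need the password), and the last function shows why a score-or-password system is only as strong as the weaker of the two: an attacker may take whichever path succeeds.

```python
"""
FAR/FRR threshold sweep over constructed score samples.

Scores are integer percentages 0..100. A user is accepted at threshold t
when score >= t. FAR(t) is the fraction of impostor attempts accepted,
FRR(t) the fraction of genuine attempts rejected. Both sample lists are
made up for the example; real distributions overlap far more messily.
"""
from typing import List, Tuple

# Constructed samples: ten genuine-user attempts, ten impostor attempts.
GENUINE_SCORES = [95, 90, 88, 85, 80, 75, 70, 60, 55, 40]
IMPOSTOR_SCORES = [10, 20, 25, 30, 35, 45, 50, 58, 62, 65]


def far(threshold: int, impostor: List[int] = IMPOSTOR_SCORES) -> float:
    """False acceptance rate: impostors whose score clears the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(threshold: int, genuine: List[int] = GENUINE_SCORES) -> float:
    """False rejection rate: genuine users who fall below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def strictest_zero_far(genuine: List[int] = GENUINE_SCORES,
                       impostor: List[int] = IMPOSTOR_SCORES) -> Tuple[int, float]:
    """Lowest threshold with FAR == 0 and the FRR it costs. The FRR figure
    is the share of legitimate attempts that will hit the password fallback."""
    for t in range(0, 101):
        if far(t, impostor) == 0.0:
            return t, frr(t, genuine)
    return 101, 1.0   # no threshold separates them; everyone is rejected


def equal_error_rate(genuine: List[int] = GENUINE_SCORES,
                     impostor: List[int] = IMPOSTOR_SCORES) -> Tuple[int, float]:
    """Threshold where FAR and FRR are closest (lowest t on ties), and that rate."""
    best_t, best_gap = 0, 2.0
    for t in range(0, 101):
        gap = abs(far(t, impostor) - frr(t, genuine))
        if gap < best_gap:
            best_t, best_gap = t, gap
    return best_t, max(far(best_t, impostor), frr(best_t, genuine))


def bypass_probability(far_at_threshold: float, p_password_guess: float) -> float:
    """An OR of two authenticators: the attacker wins if either path works.
    P(bypass) = 1 - (1 - FAR) * (1 - p_password). With FAR driven to zero
    this collapses to p_password, i.e. the fallback sets the floor."""
    for p in (far_at_threshold, p_password_guess):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    return round(1.0 - (1.0 - far_at_threshold) * (1.0 - p_password_guess), 6)


if __name__ == "__main__":
    t0, fallback_share = strictest_zero_far()
    print(f"FAR hits zero at threshold {t0}; FRR there is {fallback_share:.0%}")
    t_eer, eer = equal_error_rate()
    print(f"equal error rate {eer:.0%} at threshold {t_eer}")
    # Constructed: a 4-digit PIN with 10 guesses before lockout -> 10/10000.
    print("bypass with FAR=0 and a 4-digit PIN fallback:",
          bypass_probability(0.0, 10 / 10_000))
```

With these samples, pushing FAR to zero rejects three genuine attempts in ten, and each of those rejections is a password prompt; if that fallback is a four-digit PIN, the PIN's guessability is the system's real bound regardless of how good the biometric side is.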