Android users will be able to log in to services using a combination of their face, typing patterns and how they move!
Trust API is a new and novel feature that has been introduced by Google at the company’s I/O conference. The company’s head of Advanced Technology and Projects group Daniel Kaufman identified that this new technology will be firstly tested with various “large” financial institutions. The testing will most likely begin from June. Kaufman was the head of the group which is responsible for creating Trust API on the basis of another project that has been codenamed Project Abacus.
Project Abacus was developed last year to eliminate the use of passwords using a superior and better method that combined various weak indicators into a strong piece of evidence that makes use of your personality. These pieces of evidence might include biometric indicators, which, no prizes for guessing, include our face shape, voice, movements and the way we swipe or type on the screen. The software will run in the background of your phone, which will help it in tracking your movements and matching them with its indicators so as to determine who is using the phone.
Google has, thus, built Trust API much on the lines of this particular project and this year, the company has clarified that the service will be accessible to third parties as well, which will allow organizations to verify someone’s identity using biometrics. As of now, financial institutions like banks will be using it for the purpose of verifying customers that use Android apps to log in but by the end of 2016, this technology will be open for all.
We do know that individually biometric system is not as reliable and cannot offer fool-proof security on web-based services. Such as, facial recognition technology is already a part of a majority of Android devices but in comparison to this, the fingerprint scanner is more secure. However, Google’s Trust API tends to combine them both, which will result in making biometric system 10 times secure, just like a fingerprint.
The software won’t give a binary answer as is the case while we enter passwords the system will provide a score that will inform the user how confident the device is about the authenticity of the owner. Institutions that require higher score will program the API in such a way that it will ask for additional data that may be another biometric verification or an ole-style password.
The API seems to be similar to the program being developed by the London-based Nok Bok Labs. But we can assume that these are steps in the right direction. As customer identity management firm Gigya’s Richard Lack stated:
“Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe. At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favor, both in terms of convenience and enhanced security.”
Lack further added that:
“Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”
Do remember that Google has already embedded similar tech on devices that run on Android 5.0 or higher version. It is called “Smart Lock” and it lets you unlock your device automatically if you enter the safe zone, which would be any location that you list as a trusted one. This will be done when a user connects with a trusted Bluetooth device, the device identifies your facial features or you are personally carrying the device.The Guardian Tech Crunch