Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 6 MINUTES AGO.
You are here: Home / Data Security / Google Tests Password-Free Logins
Google Starts Testing Password-Free Logins Using Your Phone
Google Starts Testing Password-Free Logins Using Your Phone
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
22
2015
Passwords -- especially weak ones or those used across multiple systems -- can create all kinds of vulnerabilities and security headaches for people and businesses. That's why Google is now testing an alternative way for users to log into its services.

The test was brought to light yesterday when reddit user rp1226 posted documents and screenshots from Google's experiment on the Android subreddit.

The system being tested works like this: After entering an e-mail address on Google's login page on a computer, a user's phone is sent a notification asking if he is trying to log in. Upon answering, "Yes," the user is then prompted to indicate by phone which number is displayed on the computer sign-in page; choosing the right number automatically logs the person in.

Growing Use of 2FA

Google's experimental login system works much like the Account Key method launched by Yahoo in October. Available on iOS or Android devices, the Account Key login option for mobile Mail app is "more secure than a traditional password," according to Yahoo.

Many tech companies are looking for alternatives to old-school passwords that can be easily guessed, stolen or hacked. Another strategy being used to improve security is two-factor authentication (2FA), which requires users signing in by computer to verify their identities via second devices, usually smartphones.

For example, Amazon last month introduced a two-step verification process in private beta. Viewed as a way to add an extra layer of security for users, two-factor authentication has also been available for some time for users of Google Gmail and Microsoft Outlook, among others. Google did not respond to our request for more information about its password-free login test.

Password Pain on Help Desks

While many in the tech community have been predicting -- and agitating for -- an end to traditional passwords (Microsoft CEO Bill Gates made such a forecast at the RSA Security conference way back in 2004), passwords are still widely used. In fact, a report by TechNavio in June indicated that the global market for password management was likely to grow by 16.33 percent through 2019.

At the same time, momentum is growing for password-free alternatives. Last week, for instance, the adaptive authentication company SecureAuth released the results of a survey that found 66 percent of cybersecurity professionals were exploring password alternatives.

A full 91 percent of those surveyed agreed that "the traditional password will not exist in ten years," SecureAuth said. Passwords also create a drain on help desks, with more than a third of respondents noting that employees regularly ask for help with forgotten passwords.

"This survey very clearly indicates there is an appetite for multi-factor authentication solutions beyond the traditional password," said SecureAuth CEO Craig Lund in a statement.

Another survey by Ping Identity this month found that users are often careless about the security of their passwords.

"Employees are doing some things really well to keep data secure, like creating unique and difficult-to-guess passwords, but are then reusing passwords across personal and work accounts or sharing them with family or colleagues," said Ping Identity CEO Andre Durand. "No matter how good employees' intentions are, this behavior poses a real security threat."

Tell Us What You Think
Comment:

Name:

Saurabh Gupta:
Posted: 2015-12-22 @ 10:18pm PT
This truly limits the user's ability to move around devices without a phone. How about a solution like ReAn www.rethinkauth.com for eliminating weak passwords? It generates _very_ strong passwords from easy to remember secrets.

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.