We have discussed passwords many times on this blog and how poor password habits, such as easy-to-guess logins and reusing passwords across multiple accounts, can easily lead to identity theft and fraud. Password management can be difficult – we get it – and so does Google.
At this year’s Google I/O conference, the company announced Trust API, a new feature that uses a combination of biometrics to create a “Trust Score” and will be available to Android developers by the end of the year. The API uses biometrics such as your location, typing cadence, and facial recognition to determine whether you are who you say you are. If the Trust Score is over a certain number, the device will automatically log you in, with no password or PIN needed. If the Trust Score falls below a certain threshold, a password and two-factor authentication may be required.
Consumers often use easy-to-guess passwords and reuse them across multiple sites because they simply don’t want to remember multiple passwords. The same goes for two-factor authentication. Most consumers don’t turn on two-factor authentication because they want to access sites quickly, without the added step of entering a PIN or answering a question. People want ease of use. We explored the issue in a 2012 survey that found that 61 percent of respondents reused passwords across multiple sites and 44 percent changed their passwords once a year or less. Despite the many high-profile breaches over the past four years, it doesn’t seem like password habits have improved. Identity and access management firm Gigya conducted a similar survey last month and found that 56 percent of respondents used passwords such as names and birthdates, and only 16 percent created a unique password for each of their online accounts.
But are consumers ready to embrace biometrics such as location tracking and typing cadence? We’ll have to wait and see. The fact remains that our current password system has a lot of flaws, and it is going to take a combination of consumer education and new technologies to reduce the impact of stolen and hacked passwords on consumers and businesses.