Google's testing a new password authentication feature that allows users to log in to an account without going through the hassle of typing in a long string of characters, also known as a password. The company has acknowledged that it is testing this new functionality with a small group of enthusiasts, but didn't say when it plans to roll out out the feature to the general public.
The Internet giant realises that typing in a long string of characters isn't the most convenient and secure way to let a user authenticate their identity, and has long been working on alternative methods, including physical USB key authentication, and implemented it as part of a two-step verification process. The company is now testing a way to allow users to log in to their computer with their mobile phone as the authentication tool.
Revealed by beta tester Rohit Paul on Reddit, who was invited by the company to test this new functionality, screenshots show the feature lets users worry only about typing in their email addresses when trying to log in to their Google account via their computers. Once they have done so, Google sends a notification to their smartphones in the form of a question, "Trying to sign in?". If users select "Yes", they are logged in to their account on the computer.
Users have to first authorise their mobile device, and it requires a screen lock to be turned on. They can deactivate the authorisation on lost or old devices. As before, users will also be able to enter passwords instead if they so choose, or are not near their smartphone. The company has acknowledged that it is indeed testing the feature. "We've invited a small group of users to help test a new way to sign-in to their Google accounts, no password required," a Google spokesperson told VentureBeat. "'Pizza', 'password', and '123456' -- your days are numbered."
Not only does this feature makes it easier for users to sign-in to their account, it also bolsters the overall security. Notably, the feature is similar to Yahoo's Account Key, which too uses smartphones to authenticate users and was rolled out back in October. By not using the traditional way to sign-in - which involves typing in a password - we can avoid a range of phishing attacks. This is because phishing attacks requires a user to be fooled into sharing their password or typing their password on a compromised website. Earlier this year, it made available a Chrome extension called Password Alert, which lets users know if they are using their Google account password on another website.