Google plans to use “trust scores” to replace more traditional forms of authentication on its Android platform.
The Alphabet-owned company wants to rid the Android platform of password-based logins by 2017. Google outlined these plans at its I/O conference last week. Google would use its Trust API to combine a variety of metrics into a trust score.
Factors such as typing speed, vocal inflections, facial recognition, and proximity to familiar Bluetooth devices and Wi-Fi hotspots would all be used to authenticate a user.
Games and other basic apps would run even if the resulting trust score was low, whereas more sensitive apps, such as banking and mail apps, would require the biometric and location-based data to line up and generate a high score.
This implies that the phone would allow access to certain apps even when the trust score is low, providing an avenue for more privilege-based exploitation attacks. With a traditional password, on the other hand, a user who forgets the password is locked out of their own data completely.
What this essentially comes down to is a choice, on the developer’s part, between security and convenience for the user: a familiar security question.
What do you think about Google’s plans? Will you embrace Google’s new technology, allowing your phone to decide whether or not you are you?