Google testing password-free logins

Google testing password-free logins
© Getty Images

Google is moving to reduce the password-based sign-in.

The tech giant confirmed Tuesday it was testing a new way to sign into a Google account without typing in a password.


“We've invited a small group of users to help test a new way to sign in to their Google accounts, no password required," said a Google official. "'Pizza', 'password' and '123456' — your days are numbered.”

The test is part of a broader effort among security experts, the government and major tech players to eliminate the traditional password, widely viewed as the most vulnerable part of any account.

Numerous researchers have discovered that Internet users still mostly rely on simple and repetitive passwords. This summer, Google researchers even found that extra security questions — such as “What’s your mother’s maiden name?” — are also easily crackable.

But no one has yet created a popular, easy-to-use, widely adopted alternative.

Google and other companies that manage sensitive online accounts, such as banks, have adopted two-factor authentication in which users are required to provide a one-time code that may be sent via text or email, in addition to a password.

But the two-factor process adds time to the login process.

A password-free alternative could be the ultimate ideal for both the user and the security expert — quicker and safer.

Google said its test will allow users to simply enter their email address when signing into a Google account. A notification will then appear on their phone asking if someone is trying to sign in to the Google account. If you tap “yes,” the login is approved.

If your phone is lost or stolen, users can remove that device’s ability to authorize account access.

According to Google, the current test is running on both Apple and Google’s operating systems.

Users would still retain the option of logging in with their regular password.

Google said the new process could help cut down on phishing attacks, a common hacking method in which cyber thieves attempt to lure users into entering their email and password on a fake Google login page.

The White House is also funding its own efforts to wipe out the password as the primary security code used to protect sensitive digital data.

Since 2012, a White House program, the National Strategy for Trusted Identities in Cyberspace, has backed a number of pilot projects aimed at finding new ways to identify people without a password.

Officials say some of these projects may start to hit mainstream markets in the coming year.