The details are only now rolling out about the plan, because Google invited Reddit user Rohit Paul to test the feature.
Any kind of change, especially in an area as sensitive as privacy, is bound to draw some skepticism, but the new system Google is designing seems to hit the sweet spot of improving security, while making it basically easier to access your account.
As Paul describes it:
“You authorize your phone to allow you to log into your account.
You go into a computer and type in your email.
Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password.”
Tech companies have long viewed passwords as an inherently suspect form of security, providing too little verification and granting too much access. Once someone has your password, they have access to everything and can even lock you out of your own account. Tying login credentials to your phone would mean as long as you have your phone, you should be pretty secure.
Possible issues arise if your phone is stolen — it does make them somewhat more valuable if they offer a key to a lot of private, possibly financial information, especially if the new form of verifications catch on — but at least it’s usually clear when that happens, while theft of a password may take months to discover.
The threshold for this new procedure taking off is probably more convenience-based than security-concerned. Many people will find having to reach for a phone to verify a login inconvenient, though these people also probably have pretty weak passwords to begin with.
Passwords are supposed to be long, convoluted arrays of numbers, letters, and symbols that constantly change (“Aqe3a7d18asdf3”). The question will be whether the people who already choose convenience over security and keep lax passwords (“abc12345”) will be willing to reach for their phones, because if you’re doing it right, the new system sounds easier and stronger still.
There’s no word on exactly when Google will formally roll out the new process, and as of now, the process only works on certain compatible phones.
As for those of us who have a reputation for leaving our phones in bars, taxis, or restaurants — not to mention just having them stolen — the new system may not be perfect. The only hope is that maybe with less brain-space cluttered by passwords, we can do a better job of not losing our phones in the first place.
There’s no word on exactly when Google will formally roll out the new process, and as of now, the process only works on certain compatible phones. Whether the new system is imminent or not, it’s still probably worth changing your outdated passwords. After all, nobody wants to be the last person hacked on an outdated technology.