25 May 2016

This Has Fail Written All Over It

Some whiz kid (as in urine for brains) at Google has decided that they can simply profile you well enough to do know who you are:
Google will begin testing an alternative to passwords next month, in a move that could do away with complicated logins for good.

The new feature, introduced to developers at the company’s I/O conference, is called the Trust API, and will initially be tested with “several very large financial institutions” in June, according to Google’s Daniel Kaufman.

Kaufman is the head of Google’s Advanced Technology and Projects group, where the Trust API was first created under the codename Project Abacus. Introduced last year, Abacus aims to kill passwords not through one super-secure replacement, but by mixing together multiple weaker indicators into one solid piece of evidence that you are who you say you are.

Among the pieces of evidence that Google suggests the Trust API could use are some obvious biometric indicators, such as your face shape and voice pattern, as well as some less obvious ones: how you move, how you type and how you swipe on the screen. With the service continually running in the background of the phone, it can keep track of whether those indicators match how it knows you use your phone.

Individually, it would be ludicrous to use any of those methods to secure web services. Even facial recognition, now built in to many Android phones, is significantly less secure than a fingerprint scanner, according to Google’s own metrics. But combining them can, the company suggests, result in something more than 10 times as secure as a fingerprint.
This is a verification system that would fail when, for example, you have a migraine coming on, or when you have fallen and broken your wrist, or when you are shaken up following a car crash, then you cannot unlock your phone.

I understand why Google likes this,  "With the service continually running in the background of the phone," it means that they can invade your privacy, and sell your data to identity thieves even more efficiently.

For the rest of us, it does not make a whole lot of sense.

0 comments :

Post a Comment