Google trials password free two factor authentication
[dropcap]G[/dropcap]oogle has begun testing a new two-factor login system for its online accounts that uses only an email address and an authentication app on your Android device.
To log in to your Google account in a web browser, you enter your email address as normal. A screen then displays a number and prompts you to use your phone to sign in by pulling down the notification bar and tapping the sign-in notification. The app will ask if you’re trying to sign in from a computer and then ask you to select the number that you saw on your browser screen from a choice of three buttons.
Google isn’t the first major cloud service provider to move towards a password-free login system. Earlier this year, Yahoo announced that it would be rolling out its Account Key, which send a push notification to the Yahoo app on a user’s phone in order to approve a browser login.
The Android Police blog has distributed a copy of the test invitation email, where Google goes into more detail about how the system copes with contingencies.
Using a phone as a dual-factor authentication device could, in theory, make it more difficult for remote hackers to access your account, but means that your online existence could be more vulnerable to anyone with physical access to your phone. If you lose your phone, Google points out that a screen lock password will help to protect it, and says that “any time you lose your phone, protect yourself by signing in on another device and going to My Account. From there, you can review your device activity and remove account access from the lost device.”
A Google spokesperson told TechCrunch that: “We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required. ‘Pizza’, ‘password’ and ‘123456’—your days are numbered.”