Passwords will soon be obsolete, and Google’s Advanced Technology and Projects (ATAP) Project Abacus is here to show us how the future may actually happen. We’ve heard many infosec gurus claim that the password as we know it is coming to its end, but no one’s gone as far as this curious project.
What Is Project Abacus?
The first public demonstration of Project Abacus took place in May 2015, during the Google I/O conference. As Android Central wrote, the project is the result of a “massive collaboration with 33 universities, tested with 40tb of data across 28 states.”
This was in 2015. A year later, Google ATAP announced that they plan to make it happen by the end of this year.
Project Abacus, aimed at Android devices, functions by continually following your behavior and identity. It’s a multi-modal system that generates a trust score based on the user’s usage of and interaction with the device. The following activities are taken into consideration and help form the so-called trust score: keystroke speed, pattern of speech, location, rhythm of the user’s walk, facial features, etc.
During last year’s demonstration at I/O, Project Abacus could easily make a distinction between two users. In other words, if your Android device is stolen, its sensors will be able to identify that it’s not you who is currently using the device.
Project Abacus: Trust Score
If your phone establishes it’s not you, the dynamic Trust Score will activate and will log you out of any open accounts, or keep them locked. During this year’s edition of I/O, Daniel Kaufman, head of Google’s ATAP, said that “we have these phones and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password?”
Kaufman also said that over the course of 2015, Google has created a Trust API to be rolled out in June to beta customers. If everything goes as planned, Project Abacus will be put into motion by the end of 2016.
One obvious drawback is the fact that Google will know even more about its users. However, the company claims that the sensor data used for the Trust Score would be processed locally and wouldn’t be added to the Google cloud.
According to Regina Dugan, another key figure and senior executive at Google, the Trust API would be used for locking and unlocking the user’s device and apps. This system is believed to be more secure than fingerprint sensors and 4-digit PIN codes. And it’s not a new idea!
Both Apple (in TouchID) and Microsoft (in Windows Hello) have been seeking ways to “kill” passwords and replace them with biometrics. Moreover, Project Abacus is not Google’s first password-killing attempt, either. Smart Lock was introduced last year. It’s a password manager for Android and Chrome that saves credentials on one device that can later be used on all other supported devices and services, as explained by Kaspersky Lab.
How do you feel about Project Abacus and similar systems based on user behavior tracking? Would you feel more secure without needing passwords?
Before you answer, ask yourself if you’re one of the consumers who generally use combinations similar to the worst 49 passwords in the recent LinkedIn data breach…
Image source, top of the page: Wikipedia/ Aart Schouman 1630 Dordrecht; Photo Collage: STForum