Google says goodbye to passwords: replaced by the smartphone

Before long we will be able to use the Android smartphone to authenticate in our email or social profile. Thanks to Google and the FIDO protocol

One day we may say goodbye to passwords to start up the computer and to access the websites to which we have registered or social. We could also stop worrying about having to invent complicated words that we have to change as often as possible, creating complex mixes of letters, upper and lower case letters, numbers and special characters.

According to Google, in fact, passwords can be replaced by smartphones. How? By integrating directly into cell phones the so-called "security key". A security key is just what the name says: a security key, digital equivalent of the keys we use every day to open the front door or to turn on the car. They are nothing more than chips that integrate a security token, protected by sophisticated encryption systems, to be connected to the PC usually through a normal USB port to prove that yes, it is us who use that computer, that app or want to access that website. Google already makes a security key, called Titan, but now it would like to turn smartphones themselves into electronic security keys.

How to use your smartphone instead of a password

At the Google Cloud Next conference, currently underway in San Francisco, the head of the Trust and Security Marketing team at Google Cloud, Rob Sadowski said, "Think of a security key in almost every modern smartphone running Android, a very simple form factor for over a billion users to use. Turning the smartphone into a means of authentication makes it really simple and always available." Sadowski already has a clear idea, a sign that Google is indeed working on such a project.

With a smartphone running Android 7 or higher (i.e., with single-file level encryption) it would be possible to unlock a computer running Chrome OS, macOS X or Windows 10. The hardware requirements would be limited to a Bluetooth connection to allow wireless communication between PC and smartphone, while the software requirements would include the Chrome browser that would act as a bridge between the security key and all the sites to which we are registered. Security would be guaranteed by the FIDO standard, an encryption protocol that consists of a pair of keys: one held by the site, the other by the user. When the two keys meet, the user is recognized.