December 23rd, 2015. Google finally confirmed their next step. It is the one we never imagine. Something we believed is outdated. Something we need, yet we choose to deny. Something that can protect us from cyber threats. Our account password.
So, what actually is Google planning to do?
Username and password. We need these every time we want to sign into our account. Many of us believe this combination is the best. Username gives unique ID to user. At the other side, we need password as the key to our account. That’s why we need to make it complex. The more complex our password, the safer our account will be. But, let me ask you something. How much do you concern about your password? Do you believe it is complex enough?
Well, there are some ‘disturbing’ facts about password. Password should be our first defense against cyber threat. We can use it as our ultimate defense, but only if we use it well. The problem is many people don’t. Many people ‘love’ simple passwords. Something like 123456, password, qwerty, 12345678 etc. These passwords may be easy to remember. But, don’t forget this. They are also easier to hack. The same thing goes for re-used passwords. Some believe they’ve created complex passwords. Many did a great job with this. Their passwords are very complex. However, some of them are too confident. They believe no one can hack their password. So, they use it for all of their accounts. The password might be very difficult to hack. But, it is not impossible to hack. The hacker only need to hack once. Once he got your password, can you imagine how many accounts he can hack? This is why re-used password is dangerous.
What about two-factor verification? This one surely helps. But, there is a little challenge here. It adds an extra step to your log in. You need to enter either a secret token, verification code, or plugin a USB stick before you can log into your account. For some people. this may lead to hassle.
Google vs. Password
So, what does Google think about this?
First, you won’t need password. Second, you need a smartphone.
Here is how it works.
- Register your phone number to Google.
- Google will verify your number.
- Every time you want to log in, Google will send a notification to your smartphone.
- Respond to this notification if you want to log into your account.
So, who will get the most benefit from this feature?
- Those who hold their phones nearby.
- Those with complicated passwords. These passwords are usually difficult to type and remember.
The Test Group
“We invited a small group of users to help test a new way to sign-in to their Google accounts, no password required. ‘Pizza,’ ‘password,’ and ‘123456’ – your days are numbered.”
Google confirmed it. That made us even curious. How does it feel to be inside?
An anonymous member reached us. He told us everything you want to know.
First, you got an email invitation. You must accept the invitation to join the group. Once inside, you will get a welcome email. This email explains general explanation of this project. There is one interesting part in the email, however. The project, as it is said in the email, is meant create a password-free sign in. But, if you choose, you can still keep using your password.
Also, we found this. Once inside, Google may ask for your password. This may seem a bit suspicious, especially when everyone still concerns about cyber security. But, Google confirmed it. Their password will not be shared. It will be only used to unlock their accounts. In case you don’t know, this only happens after Google detected suspicious log in attempt. In other means, Google protects everyone privacy. Even during this development stage. Some members even reported how Google helped them. Their phone was missing, back then. They tried to reach Google to report the case. Guess what happened next! Google recovered told them their password! All thanks to the ‘suspicious’ Google policy!
What if their phone is stolen or lost? Should they go back with password? Google provided a solution for this. There are two ways to secure your phone.
- Use either Touch ID or screen lock on your smartphone. This will prevent anyone from unlocking your phone.
- Use another device to sign into your account. Then remove account access from lost device.