Passwords are often the weakest parts when it comes to secure users’ accounts, as many donot use complex passwords or they reuse the same password across services. Two-factor authentication – like using a USB stick with a secret token or entering in a code sent via text method to your phone – can help to increase security, but many users also find this to be a hassle as it introduces an additional step to the login process.
In this modern age, the need is to remember at least these many passwords / PINs. Here is the small list but not limited to :
- Facebook -1
- Linkedin -1
- Twitter -1
- Corporate Login / SSO -1
- Laptop cable lock key -1
- Bank accounts online - 2 (at least)
- ATM cards - 2 (1 per bank, so totally 2)
- Phone banking - 1 (per bank, so totally 2)
- iphone / ipad key-in: 1 (at unlock)
- Mobile token -1
- Personal laptop - 1
- Phone-recharge websites -1
- Air-lines - 5
- Trains - 1
- government websites - 1 (at-least)
- other activity based websites - 3 ( at least)
- Winzip passphrases for each (secret) folder in the file
- Security questions to retrieve passwords in case if we forget our passwords for any of the above sites, your first pet's name or your marriage anniversary date (probably the tougher one to remember).
In summary, today we have numerous passwords and each one using different rules make us crazy. Most difficult part of passwords are the password rules - password rejected because no capitals used, again rejected because no special characters used, rejected again and again because some or other reasons and suddenly there you go, your chosen password is accepted. Now what is that password?
Pity is we cannot allow anybody to write any passwords, and we cannot have same password for multiple sites, nor we allow a user to retain a password for a login ; Password expires for all of us, at-least every month (if not alternative weeks !!)
One has to spend so much energy and passwords have become one big villain for both users and companies. Hence, Google has come with Password-free Logins. This new password-free login option is about speeding up logins by offering a different way of signing in altogether. You only have to enter your email address when you’re signing into your Google account. Afterward, a notification will appear on your phone asking you if you’re trying to sign in from another device. Approve the login by tapping “yes,” and you’re in. This would be especially useful for those who always have their phone nearby while using Google services on other devices, like their computer, as well as those who have long and complicated passwords that are difficult to type.
Currently, its being offered to closed members of the group called 'Sign-In Experiments at Google'. After accepting the invite and joining the group, the email explains that you’re then able to sign in without entering a password but you can continue to use your typed password if you choose. In addition, Google says it may choose to ask for your password as an additional security measure if it notices anything unusual about your current login attempt. (And it’s helpful to be able to use your password in case your phone is dead, or goes missing.). In the case your phone is lost or stolen, your screen lock or Touch ID on your smartphone will protect your private data, as the thief or unknown party will not be able to unlock your phone. Google also advises in the case of a lost device, you should sign into your account from another device and remove account access from the device you no longer have in your possession. Google tells testers they are able to turn off this new means of signing in at any time, and testers can leave the trial group if they don’t want to offer Google their feedback about the sign-in process.
Food for thought : How secure is a touch ID implementation, as from customer's perspective, this feature is highly desirable?
Authored by Hussainali Ladha
Rate this article: