Passwords have become both necessary and evil on the internet. We need them to protect our accounts, but many users pay less attention to them than they should -- witness the recent Adobe hack. The software company leaked out the data of 153 million users, with email and password hints in plain text and passwords encrypted poorly. A hint about security -- "123456" is not a secure password, though it was number one on the Adobe most-used list. Hints like "try 'password'" were also found.
Now Google, with it's growing Chrome operating system, may be on the verge of leaving this mess behind. At least if the currently proposed API is approved. The potential new Application Programing Interface, known as chrome.screenlockPrivate, is set to change everything.
The API proposes to use Chrome Apps to unlock your Chromebook, using USB, NFC, and/or Bluetooth APIs to communicate with another device, such as your smartphone or tablet -- or for that matter a smart watch. These new APIs would give Chrome developers a predictable interface for interacting with such devices to provide either an alternative or "two-step" form of authentication. The secondary device would be set up as trusted and would serve as that authentication.
Other unlocking methods are also included in this proposal, including swipe patterns, as new Chromebooks are starting to come touchscreens. The way could be paved for even more methods, like facial or voice recognition.
The proposed schedule for this implementation is rather ambitious, stating a target of February 25, 2014 for introduction into the stable build of Chrome.
This is certainly a fascinating subject, and the capabilities for doing it are there. After all, we have seen various alternatives such as fingerprint and pictures being used in current devices -- Windows 8 allows for picture passwords. However, the schedule of implementation is very quick, and I can't see these changes being made in that sort of time-frame, though I think it will get there. Google has a history of moving forward with wild ideas, and this truthfully is not even particularly wild. Will we see it in February? Probably not. Will we see it in 2014? I think so, yes.
While I do think that this could work in some cases, it needs to be noted that this is not really something new entirely. PC users for example have been using solutions like Predator for years which unlock their systems using USB devices as identifiers.
There is also more to it than just making passwords obsolete, or improving how one authenticates. While that is certainly part of the deal, it is also worth noting that using other devices for authentication might tie consumers closer to companies. It depends on how that is implemented, but if there is no universal solution, one device or gadget to authenticate all others, then it will only lead to fragmentation and carrying around solutions for all the different devices you use regularly.
A single solution on the other hand would act much like a master password to all user accounts and devices. If security is not top notch here, it could certainly backfire as well.