Google’s battle against poor passwords is continuing. The company is now testing a new Google Account option that lets users login using their phone, skipping the part where you have to enter your password. The feature uses your phone to authenticate your identity by bringing up a notification that allows you to grant or deny access to your account.
The discovery was made by Reddit user rp1226 (Rohit Paul), who was invited to test the new functionality on his personal Google account. We reached out to Google asking for confirmation and details about this apparent trial.
“We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required,” a Google spokesperson told VentureBeat. “‘Pizza’, ‘password’, and ‘123456’ — your days are numbered.”
According to Paul, here is how the process works:
You authorize your phone to allow you to log into your account.
You go into a computer and type in your email. Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password.
The examples in Google’s statement are of course common passwords and answers to secret questions. Like any tech company or tech-savvy user will tell you, frequently used words and combinations are a massive frustration from a security perspective.
It’s important to note that this test works on both Android and iOS, according to Google. Furthermore, you can still log in with your regular typed password — the option is still there in case you need it.
According to Google, one major advantage to this new way of signing in is the protection against phishing (the attempt to acquire sensitive information such as usernames, passwords, and credit card information by masquerading as a trustworthy entity). Because the phone becomes the password, so to speak, users can’t exactly hand their device over via a text message, email, or err … over the phone. Keyloggers are also rendered useless.
This isn’t the only method Google is trying to fight phishing. Earlier this year, the company launched a Chrome extension called Password Alert, which warns you if you land on a website that’s imitating accounts.google.com to steal your login credentials.
The full body of the email sent out to users testing the feature is as follows, again courtesy of Paul:
You’ve been invited to try a new way of signing in to your Google account. Setting it up will only take a few minutes.
Enroll your Google Account
Accept the invitation for our Google Group
Go to myaccount.google.com/security
Click the invitation that says: “Tired of typing passwords? Try using your phone to sign in”
Follow the instructions to finish setup
What happens next ?
After you’ve set it up, try it and see what you think. Here are a few things to keep in mind:
You won’t need your password to sign in, but you can always use it if you want to
As always, if we notice anything unusual about your sign-in you may be asked to complete an extra step or two to prove it’s really you
We might reach out to you to learn more about what you think. You can leave the group if you don’t want us to contact you.
What happens if ?
Your phone’s battery dies or your phone isn’t around
You can still use your password. When you go to sign in, just click the link “Use your password instead” at the bottom of the page
You lose your phone
That’s why you have a screen lock or Touch ID. Even if someone else gets your phone, that person can’t unlock it
Any time you lose your phone, protect yourself by signing in on another device and going to My Account. From there, you can review your device activity and remove account access from the lost device
You want to use a new phone
If you need to change your phone, go to “Sign in and Security” in My Account. Click “Use your phone to sign in” then “Edit” your phone
You decide you want to stop using your phone to sign in
If you decide you’d rather type your password to sign in, go to “Sign in and Security” in My Account. Click “Use your phone to sign in” then “Turn off”
You’re asked to complete extra steps to sign in
If Google ever sees something suspicious about how you’re signing in, you’ll need to complete an extra step or two to prove it’s really you. As we work to improve the experience, you may see some of those changes
You’re wondering if you’ll ever need your password again
For the moment, you’ll probably still need it, just in case your phone isn’t around or we can’t reach it. And if Google ever notices something suspicious about how you’re signing in, we might ask you to enter your password