Passwords are broken. People struggle to make them complicated enough, then struggle to remember them. Or else they’re easily cracked by social engineering or just plain brute-force hacking. Many people could use two-factor authentication, but it slows down the login process and is often seen as a hassle.
Now, Google may be the latest company aiming to kill the password. Reddit user Rohit Paul got early access to a password-free login system that Google appears to be testing.
Just like two-factor authentication, Google’s system uses your phone as a key. But instead of typing in a code or even entering your password, you get a notification that lets you authorize access to your Google account. Just tap a button on your phone confirming you are signing in and you’ll be logged in on whatever other device you’re using.
The system relies on you having your phone nearby, which is standard for many people today. However, users can still use their password if their phone is dead or otherwise inaccessible. In the FAQ Google sent Paul, Google suggests turning on strict security settings on the phone before enabling the password-free option.
Paul was invited to the test seemingly randomly. Google confirmed to TechCrunch that they’ve invited a small group of testers to participate in the program.
Google isn’t the first company using a phone to get around the password dilemma. Microsoft has a similar approach with the Microsoft account app. In fact, any developer can add password-free authentication to their site or app. This fall, Auth0 introduced Passwordless, which lets developers add phone-based authentication to their projects.