Google’s battle against poor passwords is continuing. The company is now testing a new Google Account option that lets users login using their phone, skipping the part where you have to enter your password. The feature uses your phone to authenticate your identity by bringing up a notification that allows you to grant or deny access to your account.

The discovery was made by Reddit user rp1226 (Rohit Paul), who was invited to test the new functionality on his personal Google account. We reached out to Google asking for confirmation and details about this apparent trial.

“We’ve invited a small group of users to help test a new way to sign-in to their Google accounts, no password required,” a Google spokesperson told VentureBeat. “‘Pizza’, ‘password’, and ‘123456’ — your days are numbered.”

According to Paul, here is how the process works:

You authorize your phone to allow you to log into your account.

You go into a computer and type in your email. Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password.

The examples in Google’s statement are of course common passwords and answers to secret questions. Like any tech company or tech-savvy user will tell you, frequently used words and combinations are a massive frustration from a security perspective.

It’s important to note that this test works on both Android and iOS, according to Google. Furthermore, you can still log in with your regular typed password — the option is still there in case you need it.

According to Google, one major advantage to this new way of signing in is the protection against phishing (the attempt to acquire sensitive information such as usernames, passwords, and credit card information by masquerading as a trustworthy entity). Because the phone becomes the password, so to speak, users can’t exactly hand their device over via a text message, email, or err … over the phone. Keyloggers are also rendered useless.

This isn’t the only method Google is trying to fight phishing. Earlier this year, the company launched a Chrome extension called Password Alert, which warns you if you land on a website that’s imitating accounts.google.com to steal your login credentials.

The full body of the email sent out to users testing the feature is as follows, again courtesy of Paul: