Google wants to make your life the password

Our digital lives are punctuated by an increasing number of PINs, fingerprint scans, and other security hurdles, but an Android project could end all that. The Google ATAP team has been working on a new authentication system, publicly revealed at I/O 2015 this week for the first time, which bypasses explicit codes and biometrics, and instead uses ongoing user-recognition to figure out who you are simply by how you use your phone.

The goal, ATAP chief Regina Dugan explained, was to identify users not by what they type, but how they type it; not by what they say, but how they say it.

A single modality – like how you swipe the touchscreen, how you type on virtual or physical keyboards, how you talk to speech-recognition systems, and even factors like your face and how you move around with the device in your hand or pocket – would probably fall well short of even the security represented by a simple 4-digit PIN, the researchers theorized.

However they also predicted that a multimodal system, combining several factors as long as they were measuring sufficiently different things, could in fact be more accurate than traditional locking systems. Also in its favor, it would be less intrusive than a pop-up demanding authentication.

The result is the system you see in demo form above, initially tested on a huge multi-location server farm across ATAP’s various university partners. (In fact, ATAP used a total of 360 cores across three clusters.)

It assigns a “trust score” based on factors like typing style and face, able to switch in real-time between allowing someone access and blocking them, even if the transition between users is almost instantaneous.

As for the overall accuracy, ATAP found that its new low-profile testing could in fact be 10x more secure than just fingerprint sensors.

Best of all, it could be added to existing devices with just an OTA software update, since it requires no extra hardware. ATAP is also looking at extending it from simply unlocking a phone to allowing all apps to tap into the trust measure.

It’s not the only security technology Google demonstrate this week. The ATAP team also baked a full encryption computer into a microSD form-factor, dubbed Project Vault, which it released under an open-source license.