​Tired of typing passwords? Use your smartphone to sign in to Google

Soon you may be able to sign into Gmail and other Google apps on a computer just by having your iPhone or Android phone on hand.

Google is testing a new authentication feature that could make your smartphone the key to your online accounts when signing in to other devices like a tablet or laptop.

Details of the new sign-in method were revealed on Reddit by Rohit Paul, who reported being invited to test the system with his Google Nexus 6P. As Android Police reported, to use the feature Google requires that a phone has a screen lock enabled.

The new feature makes sense of Google’s recently introduced two-page sign-in for Gmail, which asks the user to input their username on a first page and then asks for the password on a second page instead of handling the process on a single page. Though some users were baffled by the need to introduce an additional step, Google said the two-page set-up was laying the groundwork for new authentication solutions. This appears to be one of them.

Instead of asking for the password, the second page instructs the user to unlock their phone and tap “Yes” on the Google prompt in order to sign in. It also provides a link to a separate page if the user wants to use their password instead.

“You go into a computer and type in your email. Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password,” Paul explained.

As Paul noted, this could be handy for people that actually follow security advice to use long passwords. Indeed, it could make it easier for people that resist using long passwords to do so without fearing they can’t access their account on a desktop, say, at a university.

Paul also posted the email he received from Google explaining the new system, which details some of the practical considerations Google has thought of when using a smartphone as an account key, such as if the device is lost or the battery dies.

For one, the sign-in feature is only available for phones that support a lock screen, so the idea would be that if someone else has your phone they won’t be able to authorise a sign-in from it.

“That's why you have a screen lock or Touch ID,” said Google, referencing Apple’s iPhone fingerprint reader. “Even if someone else gets your phone, that person can't unlock it,” it added.

If a phone is lost, users can go to My Account in settings to review when a device was used to access an account and also removed the lost device’s access privileges. Users can also edit the phone they want to use to sign in.

For now the preview system is only available for signing in to Google accounts but it could become an even more compelling feature if Google enables it for third-party apps. The company is, for example, doing this with Smart Lock for Passwords, an Android-only feature that lets users sign into to Netflix and other apps without having to enter a password by saving credentials for Android apps and Chrome.

Those hoping Google has found the answer to the true death of passwords will however be disappointed.

Read more: The week in security: Place your security best for 2016

“For the moment, you’ll probably still need it, just in case your phone isn’t around or we can’t reach it. And if Google ever notices something suspicious about how you're signing in, we might ask you to enter your password,” Google said.

Join the CSO newsletter!

Error: Please check your email address.

Tags smartphoneRohit PaulGoogleCSO Australia

More about AppleGoogleNetflixSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts