Soon you may be able to sign into Gmail and other Google apps on a computer just by having your iPhone or Android phone on hand.
Google is testing a new authentication feature that could make your smartphone the key to your online accounts when signing in to other devices like a tablet or laptop.
Details of the new sign-in method were revealed on Reddit by Rohit Paul, who reported being invited to test the system with his Google Nexus 6P. As Android Police reported, to use the feature Google requires that a phone has a screen lock enabled.
The new feature makes sense of Google’s recently introduced two-page sign-in for Gmail, which asks the user to input their username on a first page and then asks for the password on a second page instead of handling the process on a single page. Though some users were baffled by the need to introduce an additional step, Google said the two-page set-up was laying the groundwork for new authentication solutions. This appears to be one of them.
Instead of asking for the password, the second page instructs the user to unlock their phone and tap “Yes” on the Google prompt in order to sign in. It also provides a link to a separate page if the user wants to use their password instead.
“You go into a computer and type in your email. Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password,” Paul explained.
As Paul noted, this could be handy for people that actually follow security advice to use long passwords. Indeed, it could make it easier for people that resist using long passwords to do so without fearing they can’t access their account on a desktop, say, at a university.
Paul also posted the email he received from Google explaining the new system, which details some of the practical considerations Google has thought of when using a smartphone as an account key, such as if the device is lost or the battery dies.
For one, the sign-in feature is only available for phones that support a lock screen, so the idea would be that if someone else has your phone they won’t be able to authorise a sign-in from it.
“That's why you have a screen lock or Touch ID,” said Google, referencing Apple’s iPhone fingerprint reader. “Even if someone else gets your phone, that person can't unlock it,” it added.
If a phone is lost, users can go to My Account in settings to review when a device was used to access an account and also removed the lost device’s access privileges. Users can also edit the phone they want to use to sign in.
For now the preview system is only available for signing in to Google accounts but it could become an even more compelling feature if Google enables it for third-party apps. The company is, for example, doing this with Smart Lock for Passwords, an Android-only feature that lets users sign into to Netflix and other apps without having to enter a password by saving credentials for Android apps and Chrome.
Those hoping Google has found the answer to the true death of passwords will however be disappointed.
“For the moment, you’ll probably still need it, just in case your phone isn’t around or we can’t reach it. And if Google ever notices something suspicious about how you're signing in, we might ask you to enter your password,” Google said.