Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Chrome Google

Google Will Now Let Android Users Log In To Some Services Without A Password (theverge.com) 26

If you're an Android user, you can now sign into some of Google's services using your fingerprint, rather than having to type in a password. "The feature is available starting today for some Android phones, and it will be rolling out to all phones running Android 7 or later 'over the next few days,'" reports The Verge. "According to a Google help page, the feature also allows you to log in using whichever method you have set up to unlock your phone, which can include pins and pattern unlock." From the report: Android phones already let you use your fingerprint to authenticate Google Pay purchases and log in to apps. What's new here is being able to use that same fingerprint to log in to one of Google's web services within the Chrome browser. At the moment, you can use the functionality to view and edit the passwords that Google has saved for you at passwords.google.com, but Google says it plans to add the functionality to more Google and Google Cloud services in the future.

If you have a compatible Android handset, then you can try the functionality out now by heading over to passwords.google.com using the Chrome app on your phone. This service lets you manage all of the passwords that Chrome has saved for you. If you tap on any one of these saved passwords, then Google will prompt you to "Verify that it's you," at which point, you can authenticate using your fingerprint or any other method you'd usually use to unlock your phone. You'll need to already have your personal Google Account added to your Android device for this to work.

This discussion has been archived. No new comments can be posted.

Google Will Now Let Android Users Log In To Some Services Without A Password

Comments Filter:
  • for me. Just saying. I have actually pretty much given up trying to use them due to negative reads. And those negative reads are enough for me to stick with a password that I always get right.
    • for me. Just saying. I have actually pretty much given up trying to use them due to negative reads. And those negative reads are enough for me to stick with a password that I always get right.

      The Android view of biometrics is that biometrics are more convenient, but less reliable and less secure, so your real authentication credential is your password (PINs and patterns are just special kinds of passwords). If your biometric doesn't work, you can always fall back to using your password. To make sure you know your password, Android requires you to enter it every 72 hours. The screen says you have to enter it "for security", but that's only because people might find it insulting if the screen s

    • Having to type some of my passwords on a touchscreen device is arduous enough to make me hold off on it until I'm at a proper keyboard. If fingerprint scanners, swipe patterns or whatnot works better for some people, let them have it.
  • by shanen ( 462549 ) on Monday August 12, 2019 @01:28PM (#59079756) Homepage Journal

    Imagine you are grabbed by some robbers. Having control of your body, they can simply use your finger to unlock your phone.

    Thanks, google. Not.

    Even worse if it's the Hong Kong police and you were a peaceful protester with links to friends on your phone.

    As usual, the google is not part of the solution. That must mean the google is part of the precipitate, eh?

    I drafted a long review of an anti-google book recently. Is it worth finishing it and "publishing" it on the Web? I don't think so, insofar as the google can just ignore it and make sure everyone else doesn't see it until it goes away. But I will note that the old motto has been replaced with "All your attention are belong to us." We're reduced to a squabble between the google and Facebook as to who is the worst case of "us". (Maybe Apple and Amazon are also contenders for the worst? I think Microsoft and Oracle are out of contention, but maybe their are some national contenders?)

    • by shanen ( 462549 )

      s/their are/there are/

      If Slashdot had a viable economic model, then I think that the inability to edit typos might be the one problem that I would be most likely to contribute towards fixing.

      • If Slashdot had a viable economic model, then I think that the inability to edit typos might be the one problem that I would be most likely to contribute towards fixing.

        One economic model could be to charge $5 per edit for ex post facto changes.

        • by shanen ( 462549 )

          If Slashdot had a viable economic model, then I think that the inability to edit typos might be the one problem that I would be most likely to contribute towards fixing.

          One economic model could be to charge $5 per edit for ex post facto changes.

          I sort of like that one. The obvious problem is that most of the offenders would just claim the "community consensus" defense.

          (But I still think the Charity Share Brokerage would be a better solution approach.)

      • It's got a viable enough model to exist 20 years on. Either that, or economics as we know it is broken.

        It's probably both.
        • by shanen ( 462549 )

          I think Slashdot has become a weird combination of a portable debt and a charity case. But I definitely think economics is fatally broken. I'm now an advocate of time-based economics. Time >> money. I even call it ekronomics...

    • by sound+vision ( 884283 ) on Monday August 12, 2019 @01:48PM (#59079830) Journal
      For all the shit talked on Slashdot - MS and Oracle sell software, and support for it. Google and Facebook sell variations of dystopian panopticon to anyone who can pay.
      There is no version of Internet Explorer evil enough, that bundling it is in the same league of evilness.
      • by shanen ( 462549 )

        I wish I had a mod point to give you.

        (Why can't I convert some of the mod points I've received into ones that I can give? Another aspect of MEPR...)

      • Google and Facebook sell variations of dystopian panopticon to anyone who can pay.

        Can you elaborate on what you mean and how it works? The panopticon, I mean.

    • Imagine you are grabbed by some robbers. Having control of your body, they can simply use your finger to unlock your phone.

      If this is a concern to you, don't set up fingerprint unlock. Also, you may as well not waste money on a phone with a fingerprint scanner if you don't plan to use it.

      • This reminds me of something...
        About a year ago, me and a couple friends were at a terrace enjoying some drinks, and one of them had a Samsung S8 phone. During our chat he wanted to search something on Google and said "OK Google" to the phone, at which point the phone lit up with the search option. nothing strange here. But the other friend said "what if I speak the same thing, would your phone accept me too?". We all were in agreement that this wouldn't happen. So the other friend says "OK Google" and lo a

        • All biometrics are subject to both false positives (as in the case you observed) and false negatives (you speak and your phone doesn't recognize you). There are tunable parameters to let you trade one off against the other, but both sorts of errors always exist. Voice recognition is less precise than many other biometrics, so you should expect more of both than with, say, fingerprint matching. IIRC there are disclaimers about this when you set up the voice recognition in Google Voice.
          • by shanen ( 462549 )

            In terms of REAL security, I'd like to see two-dimensional approaches. For example, the fingerprint would trigger a challenge response of random numbers you have to read closely enough to match your voiceprint. And of course if you do it the wrong way it locks and triggers the alarm.

            Oh. Wait. I don't have anything that merits that much security. Back into the trap.

            • If you do need stronger security, just don't enable the fingerprint option. Pick a 6-character random password (or longer if non-random) and be careful not to let anyone watch you enter it. Note that the brute force mitigation done by Android means you can use a shorter password than you would need on your desktop, etc.
    • Also bear in mind courts in the USA have upheld that security forces can compel you under almost any circumstances to provide a fingerprint to unlock things, whereas an actual password still has limited protections.
    • Imagine you are grabbed by some robbers. Having control of your body, they can simply use your finger to unlock your phone.
      Thanks, google. Not.

      Nobody is forcing you to give your phone your fingerprint. And I use fingerprint unlocking, and yet mine still asks me for my PIN if it's been very long since I last unlocked.

      • by shanen ( 462549 )

        Basically repeating an earlier reply, but deliberately for emphasis:

        Most of the people who are buying phones with this feature want the convenience. It's a standard trade-off, and actually the google is making the same mistake in many other aspects of their security.

    • Imagine you are grabbed by some robbers. Having control of your body, they can simply use your finger to unlock your phone.

      Use a different finger for unlocking. By the time they realize that your thumb won't unlock the phone, they'll have used up the maximum number of attempts.

      Apparently the iphone sensor can recognize varous other body parts besides fingers. My Android phone doesn't though. https://www.reddit.com/r/apple... [reddit.com]

      • by shanen ( 462549 )

        I actually tried the thumb on an old PC and found that it didn't work well. However, the real problem is that people are using this for convenience, and they are going to use the most convenient fingers.

        However, if they are seriously worried about this possibility (as the Hong Kong police might be), then they would start by dusting the phone to see what traces of which fingers are present around the fingerprint sensor. Avoid the guesswork.

      • Update: my Android phone will allow 20 failed attempts (5 per minute) before it disables fingerprint authentication. The rate limiting may be enough to discourage a robber, but law enforcement will have time to try out all 10 fingers. You'd need to use non-fingertip body parts and a phone with a front-side (i.e. non-recessed) scanner.

        Maybe swillden can explain why so many attempts are allowed.

    • Imagine you are grabbed by some robbers. You have no biometrics on your phone, so they threaten to beat you repeatedly until you give them the password. (oblig. XKCD https://www.xkcd.com/538/ [xkcd.com])

      Once people have captured you, all bets are off. If you're a protestor in Hong Kong, leave your phone at home. Disable the biometrics before you go out. Take into account your special circumstances before you use a non-special solution.

      Your take is nonsense.

  • Just because you don't have to type it doesn't mean it's not a password. (Apologies for the triple negative...)
    • I'd rather say that a fingerprint is a biometric, as it's something you are. However, I would call a swipe pattern a password, as it's a memorized secret.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...