Project Abacus: Google Wages War on the Password

We’ve written before about our predictions regarding the fate of passwords—frankly, we believe it’s high time they were done away with. And, it turns out, Google agrees. Enter, Project Abacus. Born from the desire to find a way to make authentication systems device-driven, rather than human driven, Project Abacus—first introduced to developers last year—saw Google partner with multiple universities, as well as host 25 experts from 16 institutions, allowing them to focus on deep-dive research over the course of what one would imagine were a quite grueling three months. Using data from 1,500 “donors,” Project Abacus, according to Google, is now 10 times more secure than fingerprint authentication.

How Does Project Abacus Work?

Google’s head of their ATAP (Advanced Technology and Projects) research unit, Daniel Kaufman, recently updated those in the tech space about the latest “shots fired” in their war against the password. And it’s incredibly good news for those of us who are striving to bring an end to outdated customer identity management processes.

Not to be confused with Google’s already launched “Smart Lock” system, which uses trusted locations and face recognition (among other things) to allow you to unlock your device with a PIN or password, Project Abacus takes this idea of “trust” one step further. As Kaufman said, when addressing password-based authentication and its problems, “We have a phone, and these phones have all these sensors in them. Why couldn’t it just know who I was, so I don’t need a password?”

Running continuously in the background while you use your device, it begins to “get to know” you, and gathers data about you and your usage patterns—things like typing patterns, current location, speed, and voice patterns—and uses that data to create your own, unique “trust score.” Driven by the big-brains behind Google’s search and machine intelligence groups, their “Trust API” is believed to be so reliable that even the most highly sensitive industries (think: finance) are engaged in testing it out.

Kaufman also teased out projected availability dates, adding “…assuming it goes well, this should become available to every Android developer around the world by the end of the year.”

What Does This Mean for the Future of Customer Identity Management Processes?

When we’re reaching a stage where your lost or stolen phone can intuitively shut down all its apps because it knows it’s not you tapping away on that screen, and when banks are actively testing these types of systems as alternatives to passwords and PINs when it comes to security, one can safely assume that biometrics, already on the rise, will be the next great frontier in device authentication.

And it appears that the general population, from the Boomers on down, are ready for biometrics. In fact, our most recent research (which you can read more about here) showed that the majority of people believed biometrics a safer option when it comes to accessing digital data. And so do we. Our own Richard Lack recently summed it up rather succinctly: “Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”

Also, when one of the world’s largest and most innovative technology companies pours itself into finding a better way than passwords, it’s fair to say the writing’s on the wall. It’s definitely a fascinating and very exciting time to be involved with Customer Identity Management, and its much-needed evolution.

By Jason Rose