“Passwords suck”. Google’s Regina Duggan said as much on-stage this morning at an ATAP session at Google I/O. We’ve got plenty of ways to manage passwords, but ATAP wants to turn your device use into the password with Project Vault.
ATAP wants to trade “human cycles for machine cycles”. Sounds confusing, but your password is more personal than you think. You often choose one based on something you find clever or easy to type.
To make the password personal again, ATAP is attempting to find a way to know you’re the one using a device, which will authenticate you even before a website or app asks for your password. It makes your primary authentication a secondary one, without you having to do a thing.
ATAP even claims Project Vault is up to ten times better. A “trust score” is established as you use a device. Things like typing patterns are examined to know it’s you using a device. If someone borrows your phone, Project Vault will know.
Project Vault is a hardware solution that packs a computer into a micro SD, which will make the authentication available on every device. Headed to enterprise first, Project Vault has an SDK for developers, which is available today.
The hardware is secure, partitioning itself from the rest of your device’s file folders. Project Vault is also operating system agnostic; you can run iOS, Android or Windows and still take advantage of Project Vault.
The point is security everywhere, all the time. Project Vault is still very early in the process of being ready for users, but it seems as though Google ATAP is on the right path.