Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Google looks into password alternative for unlocking Chrome screens

Google is devising a way to let Chrome users unlock their computer screens using Chrome apps – providing a password-free option for authentication.

On Wednesday, Google “Chromium Evangelist” Francois Beaufort shared information about the undertaking that the Chromium OS team “seems to be experimenting with.”

Via a post on Google Plus, Beaufort said the “password-free unlock” feature would allow Chrome apps to use USB, near field communication (NFC) and Bluetooth application programming interfaces (APIs) to communicate with trusted devices, like phones, watches, rings or badges, to unlock Chrome screens in sleep mode.

An API proposal for the technology, submitted last month, explains that the authentication method would also “show messages to the user if the app decides not to unlock the screen for some reason.”

The proposal revealed that would be quite possible for multiple trusted devices to “disagree about whether the screen should be locked or unlock,” an issue that could be remediated by disabling apps or locking that occurs shortly after the screen has been unlocked.

“It is considered worse to lock the screen while the user wants to use it, than to unlock the screen while the user may be away,” the proposal said.

Developers at Google are aware that the protocol could be abused, resulting in “trusted” devices unintentionally locking or unlocking users' screens, but they ultimately reasoned that the method would get more Chrome users to secure their machines out of convenience.

“The easier it is to unlock a screen, the more likely it is that a user will lock it in the first place,” the proposal said.

On Wednesday, Steve Kirsh, CEO and founder of OneID, a Redwood City, Calif.-based digital identity management service provider, told SCMagazine.com that the convenience factor could play a role in securing more users, but that the technology would need to be implemented to see the whole picture.

“The problem may be that, depending on what devices this is available on, if [a user] forgets their device, it could be more of a hassle and they may turn it off,” Kirsh said. “I really think it's one of those things where you have to try it out and see if people actually end up adopting it. That's the number one thing, that it's easy enough for users to use – and that they do use it."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.