Google confirmed Tuesday that it’s experimenting with a feature on its products, such as Gmail, to allow users to log on to their accounts without being required to enter a password.
“We’ve invited a small group of users to help test a new way to sign-in to their Google accounts: No password required. ‘Pizza,’ ‘password’ and ‘123456’ — your days are numbered,” a representative for the Mountain View, California company told TechCrunch on Tuesday.
Google’s new login process isn’t quite ready to be rolled out to the masses — Gmail reportedly boasts a user base of close to half a billion — but the company has finally confirmed its efforts after a Reddit user who was granted early access to the system posted information on Tuesday.
In a thread published on the popular forum website, Android owner Rohit Paul shared screenshots showing how certain Google users are given the option of logging on by completing a task on a secondary device, such as a laptop, after making an initial attempt to access an account elsewhere.
Mr. Paul authorized his smartphone to access his Google account, he recalled, but got a message on his handset after he subsequently tried to sign on after from a different machine.
“You go into a computer and type in your email. Then you get a message on your phone to allow the login. If you hit yes, the computer logs into your Google account without a password,” he explained.
During a second attempt, Mr. Paul said he was shown a specific two-digit integer when trying to access Google from his computer, then was asked to confirm the number on a prompt that appeared on his phone.
Google already allows users to enable two-factor authentication — a security mechanism in which access to a secondary device, such as a phone, is required to log on to an account after typing in a password.
The pilot program that was recently confirmed by Google bypasses the need to input passwords altogether. Users needn’t remember any complicated passphrases, but rather just have access to the auxiliary device.
“It’s handy for those that have long passwords. In theory, you are supposed to have long and complex passwords with numbers, digits and symbol[s], with all cases,” the Android owner said in a follow-up post. “So it’s supposed to make that easier when you need to log in a lot.”
Reports that Google could be parting ways with passwords have circulated for years, with two of the company’s security experts saying in 2013 that “passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.”
“Bad passwords are one of the easiest ways to compromise a system,” former national security contractor Edward Snowden told television host John Oliver in an interview earlier this year. “For someone who has a very common, eight-character password, it can literally take less than a second for a computer to go through the possibilities and pull that password out.”
In October, Google competitor Yahoo rolled-out a new “password free” smartphone app that allows users to check their email without fumbling with complicated credentials by similarly providing an extra prompt that appears during the log-in process.