Death to passwords: Google rolls out OAuth2 tools for Android

Death to passwords: Google rolls out OAuth2 tools for Android
Passwords suck. In order to make them as secure as possible we are supposed to make them long and filled with numbers or symbols, and we are supposed to have a different one for every account. But that also makes them impossible for most normal people to remember them. And on mobile devices it’s even worse, as typing lots of letters, numbers, and symbols is a laborious process on a virtual keyboard.

Google wants to improve the experience, and they are rolling out developer tools right now that should help eliminate those annoying sign-in experiences, at least for Android users. On its developer blog Google said they are currently rolling out the new services via Google Play, and provided tutorials for developers to implement the new OAuth2 API.

What does it mean to you? As more developers implement OAuth2 it means you will only need to enter a password once into your Android account, and then any webpages or apps that make proper use of the new authentication standard can recognize your mobile device without you needing to keep entering those passwords. Not only will this be a much better user experience, but it should also improve security, since it won’t be nearly as bad to enter a 17 digit password a single time and then be done with it.

It’s possible that these features may eventually extend further into Google’s ecosystem – they already allow you to stay signed in to Google services when you use Chrome on a PC or mobile device, and it’s not hard to imagine them extending these capabilities to the desktop through Chrome at some point. There's at least some hope for everyone else; password security and convenience are killer features, so it’s not hard to imagine Apple, Mozilla, and Microsoft (the other companies that own a mobile OS and a browser) scrambling to implement similar functionality.

source: Google via Android Central

FEATURED VIDEO

8 Comments

1. Non_Sequitur

Posts: 1111; Member since: Mar 16, 2012

Cool! Can't wait to see how this will be used in the future.

2. Rayvelynn

Posts: 124; Member since: Jul 05, 2012

That could be a problem if your phone is ever stolen, you will have a lot of charges with downloads & who knows what else, it sounds like to me those people who can't remember their password, should just write it down somewhere.

4. KingKurogiii

Posts: 5713; Member since: Oct 23, 2011

they should have a way to shut the feature down remotely.

3. sbr999

Posts: 79; Member since: Jun 05, 2012

Awesome. THIS is what I want to see, not a phone stretched in MS Paint and sold at 2x the price(cough, iPhone). Keep going Google.

5. imeubeu

Posts: 59; Member since: Jul 01, 2012

great, been working on this for a while, 0Auth2 will help a lot

6. Tamtrick

Posts: 3; Member since: Sep 27, 2012

I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won't get hacked and your personal information isn't up for grabs. If you opt into 2FA, you will have to "Confirm your phone". You would receive a text message with a specific code to be entered into the system. If you don't want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.

7. Tamtrick

Posts: 3; Member since: Sep 27, 2012

I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won't get hacked and your personal information isn't up for grabs. If you opt into 2FA, you will have to "Confirm your phone". You would receive a text message with a specific code to be entered into the system. If you don't want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.

8. Tamtrick

Posts: 3; Member since: Sep 27, 2012

I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won't get hacked and your personal information isn't up for grabs. If you opt into 2FA, you will have to "Confirm your phone". You would receive a text message with a specific code to be entered into the system. If you don't want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.