Google's project Abacus plans to kill the password

In the grab bag of Google/Alphabet's big projects for 2016 is Project Abacus. It's basically the company's plot to kill the password in cold blood, by replacing it with smartphone user authentication via an uncrackable collection of biometric readings.

Abacus would lock or unlock devices and apps based on a cumulative "trust score" -- as your phone continually monitors and recognizes your location patterns, voice and speech patterns, how you walk and type, and your face (among other things).

Like many things Google, it sounds miraculous. Your phone will just know it's you. And infosec pundits who believe we're stuck in password-hell Groundhog Day because "regular" people won't do security if it's inconvenient, will rejoice.

Former Googler Chris Messina sounded ecstatic about it on Twitter, saying that Abacus would beat the current gold standard, two-factor authentication, since losing access to SMS wouldn't break the whole system.

Cisco engineer Shawn Cooley countered him saying, "very cool until I break my leg or hand & can't auth to any services to get healthcare info since my behavior is diff." Messina said, "you presume that your health records aren't being managed by Verily. You would be wrong."

During its first public demo at Google's I/O conference, Regina Dugan claimed that with its "trust score" method, Project Abacus "may prove to be ten-fold more secure than just a fingerprint sensor." And it's easy to believe this could be true.

View the full article