Forget passwords on Android with OAuth 2.0 from Google

September 27, 2012
0 50 80 2

    Security is important, but it’s also a real pain. You need a separate password for every account that you create and it can’t afford to be predictable. Anyone who is really security conscious will know that the days of using your pet’s name or a birthday are long gone – you need a random mixture of letters, numbers, and ideally some symbols, and it should be several characters long. That makes it impossible to remember.

    Thankfully Google Play Services is rolling out OAuth 2.0 for strong security without passwords. The basic idea is to streamline the user experience and ditch that irritating sign in. Developers who implement OAuth 2.0 will be able to enable their apps or games to authenticate your device through your Google account. So, in effect you’ll enter your password for Google once and that will be it.

    In order for it to work your device needs Google Play services and, according to the Android Developers Blog, it “will only be available on compatible Android devices running 2.2 or later.”

    Entering passwords on a smartphone has always been an irritating necessity, so the ability to go to a mobile webpage or enter an app without having to enter that password is obviously going to improve the user experience.

    Developers can get started now and take a look at how to implement it in their apps and games by checking out the Android Developers Blog. The roll out is underway so we should start seeing apps that use the service within a few weeks.

    This sounds great from a convenience point of view, but it does also provide an extra incentive to ensure that you have some lock screen protection or an anti-theft app installed in case your phone falls into the wrong hands. What do you think? Do you like the sound of this? Any developers care to comment?

    0 50 80

    Comments

    • MasterMuffin

      with this you could just steal one account (Google) and get access to everything that the owner of the account has ever done? Not nice!

      • Nikhil Apte

        You could enable two-factor authentication and then disable the app-specific (Android sign-in) password to get rid of unwanted behaviour.

    Popular

    Latest