“Trust API”: Google Developing New Ways to Protect Personal Data

Source: http://money.cnn.com/2016/05/26/technology/google-password-trust-api/index.html?iid=hp-stack-dom


Google is moving along quickly with its plans to kill off the traditional password.

Dan Kaufman, the director of Google’s (GOOGL, Tech30) Advanced Technology and Projects team, recently announced that the company was working with “several very large financial institutions” to test out new password-replacement technology.

The technology, called “Trust API,” uses multiple sensors in your smartphone to determine whether it’s you — or someone else — who is trying to log in.

Various devices operating on the Google Android operating system already offer Smart Lock, which uses sensors that can scan your face, your voice, your movements and your location to figure out whether the device should unlock without a password.

“On some devices, [sensors] will learn the pattern of your walk. If the accelerometer detects a walk that looks very different, it may lock your phone,” the company explained in an online post about Smart Lock.

But the newly unveiled “Trust API” password replacement project is supposed to be even more advanced, secure and easy to use. Reports say the technology will be constantly operating in the background of your smartphone, combining data from multiple sensors to calculate whether to unlock for the owner or block out intruders. The phone would even be able to differentiate your screen swiping style from that of someone else, according to reports.

Google did not respond to CNNMoney’s requests for details. But Kaufman, who is leading the project, was visibly excited about the technology when he announced it last week at the annual Google I/O conference.

“Assuming it goes well, this should become available to every Android developer around the world by the end of the year,” he said.

Banks and financial institutions have been working to improve their password and log-in technology for months, if not years, to make it easier for customers to check their balances and make payments, while keeping out hackers and thieves.

MasterCard (MA) announced plans in February to launch new mobile technologies allowing customers to authenticate their online purchases using selfies or fingerprints. And HSBC (HSBC) announced plans in the same month to replace passwords with voice-recognition technology for millions of customers.

Apple’s iPhone 5S was the first widely popular gadget to incorporate a fingerprint scanner as a security measure in 2013, but it’s known to be a bit fickle and unreliable.

CNNMoney contacted a number of large banks to ask whether they were working with Google on its “Trust API” project.

TD Bank (TD) said it was not working with Google. None of the other banks provided a response.

Desktop Virtualization, VDI and Client-Hosted

Another acronym – just what the IT world needs, but VDI is with us now. VDI (Virtual Desktop Infrastructure) is one type of desktop virtualization. It refers to hosting client virtual machines on a central server and deploying that virtual machine to any appropriate device: a PC, a thin client, a netbook on the road, etc. The other category of desktop virtualization is client-hosted. That model involves having two or more separate environments running as separate virtual machines on one client machine.
VDI is the more generally applicable model for business computing needs. At first blush, this approach offers a lot of advantages. Your friendly office computing environment, all set up as you like it, can be accessible to you anywhere from a lot of different devices.
Setting up a new desktop could potentially take minutes. Management, maintenance and updating of all of a business’s “desktops” is done centrally and probably more quickly than for separate desktop machines. The whole concept of a desktop PC goes away to some degree.

Cost, time and security advantages certainly make the technology intriguing. One disadvantage is the effort to get set up without ending up with double the hardware investment. That is, you could end up with bigger, more powerful servers, and more of them, while still using desktops. A from-scratch implementation with thin clients in place of desktops would make more sense.
The big players seem to be VMware and Microsoft. We will be deploying a pilot environment here at ERGOS and I will report back on our experiences.

Social Networking and Security

A recent Houston Chronicle [7/29/08] article pointed out that social networks are increasingly popular with “geezers” like me, and that “60% of Americans 43 to 63 are hanging out on social networking Web sites”. Of course your younger workers are also big players in this area, but the “older” user statistic helps show how pervasive such use is. This has strong implications for marketing, brand awareness, product reputations and, of interest here, network security.

One security risk is social networks being a platform for “the thoughtless disclosure of confidential business information” per the June, 2009 Insiders Guide to SMB [“Cybercrime Countermeasures,” Rich Freeman]. Especially if your employees are using social media (Facebook, Twitter, etc.) while at work, it would seem they could easily blab on about matters they should not be publishing to the world. At the least, you should caution employees about the need for discretion and confidentiality, especially when online.

With layoffs up, the possibility of client or prospect lists, proposals or other confidential data being stolen by laid-off or threatened employees is higher as well. A termination policy that includes a checklist for locking down systems and locking out ex-employees is key to data and systems security.

Dated Browser Versions

An article in the Houston Chronicle (“Dig a hole and shovel IE6 into it”, Dwight Silverman 7/20/09) has highlighted the problem of using dated browsers. While IE6 is 8 years old, it is still in wide use, despite the fact that newer, much more secure versions of Internet Explorer have been released. Check your browser version and get updated, or nudge the person responsible for your IT. For security, ease of use and features, it is time to make the switch.

You can download IE8 at:


IE8 is, per Microsoft, “faster, more secure, more reliable” than older IE versions and has accelerator and web slice features (more to come on those). I have just upgraded to IE 8 myself and I am running it and Google Chrome and comparing. The download/upgrade process is very easy. Note that IE is, at least, a bigger target for malicious attacks, if not a softer target, as discussed earlier. Take the step of upgrading to the most recent version if you use IE.