Google has long said it intends to make passwords obsolete, but before last week it wasn’t clear how the company planned to achieve that feat.
At Google I/O, the Mountain View-based company showed off two new initiatives aimed at helping make Internet users more safe and secure. The first was Smart Lock for Passwords, the company’s take on a password manager. The second, and more interesting of the two, was Project Vault.
Announced on the second day of Google I/O by the company’s Advance Technologies and Projects group, the same part of Google that showed off a radar-based gesture system, Project Vault is a secure computer that fits inside of a microSD slot.
Inside of that small package is an ARM processor, 4GB of storage, an NFC chip and antenna. It’s all held together by a real-time operating system (RTOS) that presents malicious users fewer opportunities to break into the device. Any operating system that interacts with Vault will see it as a generic file system, so almost any operating system, including Android, Windows, OS X and Linux, can take advantage of its encryption capabilities. This also means that developers don’t need to do a lot of additional work to make their app to work with Vault.
However, more than just being a minuscule computer, Vault is a new way to authenticate users without the use of a password. Vault tracks a person’s usage activity and typing patterns, as well as several other factors, to develop a so-called “Trust Score”. According to ATAP, this method of authenticating a user is 10 times more effective than a password.
ATAP has released an open source Vault development kit that developers can access on GitHub ahead of its official launch.