Passwords are a necessary part of our Internet life. If you are someone who spends a lot of time on the Internet, you probably have a ton of different ids at different websites, and if you follow along advice, a ton of different passwords as well. More than likely, you are also using a password manager, because it is difficult for us to remember all of this detail accurately all the time.
If you are using a password manager (and I recommend people to), you’d be glad to know that Google is collaborating with Dashlane and “other leading password managers” to develop a new open-source API project for password management and access. Called “Open YOLO”, where the YOLO stands for You Only Login Once, this open API aims to give Android apps the ability to access passwords stored in password managers, and effortlessly and securely log you in.
Open-YOLO API will try to create a seamless and universally-acceptable Android app authentication solution. What this means (according to my understanding) is that apps will get access to log themselves in if their credentials are stored in your password database in your password manager of choice. It is unlikely that apps will get access to all passwords within the database, but the possibility of rogue apps hacking their way in to areas where they should not have access to will exist. As such, there are likely to be some compromises along the way, but since details are sparse as of now, it can flow either way.
Dashlane is spearheading the collaboration with other top password management companies, who will contribute their unique security expertise to improve the design and implementation of this open API. In the future, this solution is envisaged to extend beyond Android devices by becoming a universally-implemented standard for apps and password managers across platforms and operating systems.
Funny name aside, Open-YOLO has the potential to make password managers much more accessible for the common man. Depending on how it is implemented, apps could automatically create their entries within the password database, eliminating the need for user interaction while still ensuring unique identities and strong passwords for the user. Hopefully, it means the end of days for using passwords like “nopass”.
What are your thoughts on the Open-YOLO API Project? Do you think it will come with compromises to security? Let us know in the comments below!
from xda-developers http://ift.tt/2aoPD2n
via IFTTT
Aucun commentaire:
Enregistrer un commentaire