Googles Smart Lock is the Future
At I/O 2015, the company showed off its latest weapon in its long battle against passwords; Smart Lock. The promise is that it will unlock your favorite websites and apps by securely saving your password to your account. Syncing them between Chrome and Android.
You’ll need to be a Chrome user. And tell the browser, which it does by default, to save and back up all your usernames and passwords. For example, saving your password to The New York Times in Chrome will automatically log you into the Android app. No need to find the password somewhere or reenter it. Android developers must add support for this feature into their apps for the magic to work. Partnered with a core group of apps to get this ball rolling. Popular services like Netflix, Orbitz, InstaCart, and Eventbrite already have it live. Fortunately, because this capability is tied to Play Services, it’s already working on your device. No need to wait for an Android update. To fire this up, head to the Settings app on your Android device and select Smart Lock Passwords.
Make sure that this setting and Auto sign-in are both flipped on. Then try it out by downloading one of the above-mentioned apps or signing out and then back in again. You should see the Smart Lock icon fire up the next time you try one of these apps.
Use the Sign In
Because Smart Lock for passwords is in its infancy. There’s another piece of Googles password killing strategy that you can use. The sign-in allows you to log in to any supported services with your account. In most cases, you’ll see the + icon. However, that will probably morph over time to regulate, as the company’s social network is dramatically scaling back. Just about any decently sized service now uses the sign-in option. It’s more secure than a password because the app authenticates your account with the password. You can occasionally check in with Google’s new account management tool to see which apps you’ve enabled and de-authorize any that you don’t use anymore.
I use this service whenever I can. It means I don’t need to create or keep track of another password. Yes, it represents yet another piece of my online identity, but the company has been a good steward. I’ve been using Gmail for 10 years, Chrome since it launched, and many services across Android, Chrome, and iOS. My security has never been breached, and my data hasn’t ended anywhere I’m uncomfortable with. It would be best if you were sure to enable two-factor authentication and regularly check in with which devices are accessing your account. With diligence and common sense, your security should be OK.
You’ll Still Need some Workarounds
Google’s Smart Lock effort is still in its early days. Few apps have implemented the feature to automatically use your saved Chrome password when logging into an app. And there are still some that need to use Google’s sign-in. So you’ll need a workaround for sites where you’ve saved your password and need it to log in on Android. The best way to manage this is to get to your passwords at passwords.google.com. From here, you can copy any password to the app. You’re trying to sign in and after you again sign in to your account. It’s not as smooth as having a password manager connect you or using SwiftKey’s partnership with Dashlane.
The Job Done
But it will get the job done. You can view any of your passwords, hit the eyeball icon. Then copy and paste it into the app you want to use. It’s somewhat of a pain, but it’s the best you can do until Smart Lock takes off. Strangely, I also found that sometimes the password wouldn’t copy to my device’s clipboard. The best workaround was to hit the multitasking button, swipe away Chrome, and try it again.
Another tip; Chrome has a hidden feature that will generate secure passwords. When it detects you’re trying to create a new account on a website. To flip this on, type chrome://flags into the Omnibox, then look for Enable password generation. Select Enable, then press the pop-up Restart button for this feature to go live.
This works for Chrome on Android, Windows, OS X, and Chrome OS. It’s the fastest way to get a strong password synced to your account. I suspect this capability will eventually become a standard feature in Chrome. During the time it pushes forward with its Smart Lock efforts.
The security solution I’ve outlined here is definitely for someone who doesn’t mind a few hiccups. And knows their way around the intricacies of a smartphone. It will be a pain from time to time when you need to copy and paste over passwords. But going all-in with Google’s password scheme is the best way to protect your online identity. And prepare for Google’s goal to tighten identity management security between Android and Chrome.