How New Sign-in for Android Works With Google One Tap
Using your Google account to register on a website or app is much easier than creating a new account and password every time, but it’s also more risky. A great alternative is to use an encrypted password manager to keep track of your accounts (and unique passwords), but you still need to create all of those accounts first.
Google is committed to addressing both issues with its upcoming ‘One Tap’ and ‘Block Store’ features, which will be available on Android and the web in the near future.
One Tap is a new cross-platform Google Account Management feature that allows you to create an account the first time you log into an app or website with a single tap on your smartphone. Your Android device will ask if you want to create a new account associated with your Google account and all you have to do is click “Continue as [username]”. That’s it – no verifying email addresses or generating passwords.
One Tap uses token-based security by default rather than passwords, but it can also use passwords if you like, and you can save the login credentials for accounts you already have. Your information is synced to your Google account, so you’ll be signed in with one tap every time from any device (if you’re signed in to your Google account). The feature is slowly rolling out right now, but Google users can expect to see it more often as more devices and websites support it.
This setup will make it much easier to create an account and sign in, but another new Google feature, the Block Store , will help make them more secure.
The Block Store allows an application to generate user-specific security tokens that are used to log in, rather than storing usernames and passwords. This token is stored locally on the device, although the user can also back up to the cloud and upload to new devices for easy login. Block Store tokens are end-to-end encrypted and cannot be read by Google. Developers will also be able to customize the encryption method according to their applications, and the Block Store can also be configured to work with third-party password managers. You will only be able to use Block Store on apps that support it, but it is a potentially more secure form of credential storage.
So, should you use these features? Personally, I wouldn’t count on a complete replacement for encrypted password managers . Having everything associated with your Google account means that someone only needs to hack one account to potentially steal your identity . And while token security is theoretically safer than an app that stores usernames and passwords, it doesn’t do you much good if someone gains physical access to your device . However, I think One Tap and the Block Store can bridge the gap between convenience and security for many Google users and, when used effectively by developers, reduce the likelihood of user credentials being stolen or leaked.