Google flags new authentication with two-page Gmail sign-in

Google is splitting its Gmail login process across two pages in preparation to introduce “new authentication solutions”.

The search company quietly announced the change this week, saying on its product forums that it will be “gradually splitting” the email and password fields — which are currently on the same page — across two pages. So, after typing in an email address users will be bumped across to a second page where they key in their password and click “Sign In”.

Google says it’s a minor change and one that hasn’t caused troubles on Android in a previous product roll out, but some users aren’t happy about the change to the web experience.

The shift to a two-page sign-in process will lay the groundwork for the company to introduce “new authentication solutions” that Google says it’s talked about many times before.

Google doesn’t say what those new authentication methods are but it has been working on smoothing out the authentication process for unlocking Android devices with Smart Lock, it’s answer to Apple’s TouchID using multiple sensors rather than a single fingerprint reader. For example, it uses the camera for facial recognition, the accelerometer for motion detection, proximity to other Bluetooth connected devices, location, NFC and speech.

The company has also thrown its weight behind the FIDO Alliance to develop the two-step verification Security Key, a USB-based key from third-party manufacturers that can be used to sign-in to a Google Account without having to type in a password; simply hit the button and the key delivers a cryptographic signature. Google is using it to streamline authentication and key revocation for enterprise customers using Google Apps.

Although peripheral to its authentication projects, another password-related initiative by Google is its Chrome extension Password Alert, designed to warn Gmail users when fraudsters are attempting to snag a password with a bogus Google site. However, white hat security researchers managed to bypass this measure within a day of its release and again after Google updated it.

To smooth out the new two-page process Google will be adding a profile picture and full name to the second page when signing in from a location or device the user has signed in from before. It also says the new

Google claims it will offer several advantages though, including steps beyond the standard username/password combination; “reduced confusion among people who have multiple Google accounts”; and a better experience for SAML-based single sign-on users.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Tags GoogleAndroidGoogle AppsbluetoothpasswordNFCcryptographicpassword authentication systemsSAMLCSO AustraliaChrome extensionsGmail sign-in

Show Comments