Using your Google account to sign up for a website or app is a lot easier than making a new account and password each time, but it’s also riskier. A great alternative is to use an encrypted password manager to keep track of your accounts (and unique passwords), but you still have to make all those accounts in the first place.
Google is looking to solve both problems with its upcoming “One Tap” and “Block Store” features, both of which will be available on Android and on the web in the near future.
One Tap is Google’s new cross-platform account management feature that lets you create an account the first time you sign into an app or website with a single tap on your smartphone. Your Android device will ask if you’d like to create a new account linked to your Google account, and all you’ll have to do is tap “Continue as [username].” That’s it — no confirming email addresses or creating passwords.
One Tap uses token-based security by default rather than passwords, but it can also use passwords, if you prefer, and you can save login credentials for accounts you already have. Your info is synced to your Google account, so you’ll sign back in with a single tap each time from any device (as long as you’re signed in to your Google account). The feature is slowly rolling out now, but Google users can expect to see it more often as more devices and websites support it.
This setup will make account creation and logins much simpler, but Google’s other new feature, Block Store, will help make them more secure.
Block Store lets an app generate user-specific security tokens that are used for sign-ins, rather than storing user names and passwords. This token is saved locally on the device, though it can also be backed up to the cloud by the user and downloaded to new devices for easy sign-ins. Block Store tokens are end-to-end encrypted and Google cannot read them. Developers will also be able to configure the encryption method to suit their apps, and Block Store can be configured to work with third-party password managers as well. You’ll only be able to use Block Store on apps that support it, but it’s a potentially more secure form of credential storage.
So, should you use these features? Personally, I wouldn’t count on either fully replacing encrypted password managers. Having everything linked to your Google account means someone only needs to break into a single account to potentially steal your identity . And while token security is theoretically safer than an app storing usernames and passwords, it won’t do you much good if someone gets physical access to your device. Still, I think One Tap and Block Store could bridge the gap between convenience and security for many Google users, and, if used effectively by developers, reduce the likelihood of user credentials being stolen or leaked.