A new Chrome API being proposed would introduce a method of “password-free authentication” to Chrome OS.
The API – called chrome.screenlockPrivate – would let Chrome Apps lock or unlock your Chrome OS device with a way to show messages to users when a device is locked.
The document mentions USB, NFC, and Bluetooth APIs for “communicat[ing] with a secondary trusted device” to provide an “alternative form of authentication”. Proximity-based desktop applications have existed in the past to show notifications from devices or to trigger certain desktop events when you enter or leave a room. These new APIs would give Chrome developers a predictable interface for interacting with such devices – e.g., smartphones, smart watches, or even NFC rings – to provide either an alternative or “two-step” form of authentication.
Additional unlock UIs like a “swipe pattern matrix” are also mentioned in the proposal. With touchscreen Chromebooks trickling out, this could mean a faster way to unlock your Chrome OS device. And with the wealth of hardware APIs already available to packaged apps, adding voice and facial recognition as forms of authentication may be possible as well.
“Apps may eventually want to mediate login as well as unlock”
What’s more, these additional unlock methods could also come to the login process as well. An app could register itself as a login authenticator, stepping in to offer a swipe pattern instead of or in addition to the normal username/password login on Chrome OS devices.
As this is still only a proposal, we can all let our imaginations run wild, but several issues are at hand when exposing such a significant API to Chrome Apps. Multiple apps may request locking and unlocking at the same time or in such a short succession as to block a user in an endless onslaught of unlock screens. Because of the potential for abuse, the proposal suggests keeping the API whitelisted, requiring an app to be reviewed by the security and privacy team before being published.
Introducing better ways to secure content is exceedingly important on a device as connected to your digital existence as a Chromebook, and making authentication faster and easier – be it with help from a smartphone, smart watch, or sundry devices – means users will be more willing to keep their content safe and secure.