A curious thing appeared in my feed: it would seem Google is developing a new authentication method. It's supposed to "kill passwords". If that sounds suspiciously like "kill any semblance of security" to you, you'd be incredibly right!
So it's an API that decides whether you really are who you say you are, based on biometrics. But worry not, banks will require a much higher trust score than games! And apparently some people want this to replace 2FA. You can see a handy chart from last year's conference showing the estimated entropy of all this bullshit: a whole 20 bits.
It "may prove to be ten-fold more secure than just a fingerprint sensor", because you know your security system is great when your selling point is being better than 4-digit PINs or fingerprints. Because people still don't understand that biometrics are usernames, not passwords.
This is probably the most brain-dead idea I've ever heard. And the worst thing is, there doesn't seem to be any way to disable this, so your account may be compromised even if you don't want to use it, because you know that neglecting the security of one of the most critical accounts is fairly important. And because this is a Google project and it's an API and people are dumb, this is bound to be used elsewhere too (articles already mentioned that banks want to trial it, because of course, if there is anyone worse at security than Google it would be banks).
There have been reports of users being able to log in to their accounts on brand new devices with silly questions like "what city do you log in from the most". To be honest I don't really care whether they're true or not. This whole thing has literally no redeeming qualities whatsoever. This is what centralisation brings: morons in charge.
I'd say that this ruins privacy, too, but that ship has sailed a long time ago.