[MUSIC PLAYING]
VISHNU KALUGATLA: Hi, everyone. My name is Vishnu, and I'm a product manager working on identity at Google. Today, I'll be talking about identity on Android and what's new in sign-in.
Smartphones and computing devices are more important today than ever before. And a critical part of being able to use these is actually signing into your apps and websites. The sense of security everyone has on the internet is based around passwords and their use. And as you all know, they're a flawed tool that creates many challenges.
User authentication can be a complex problem. In order to provide a personalized experience, the first, and oftentimes most important, step is to sign in.
Let's take this app as an example. You'll see various sign-in mechanisms and wonder, did I use Google or another federated sign-in? If you use email, you might also wonder, which email did I actually use? And once you get to entering your password, you may not have any clue what it is, and probably will just use the Forgot Password link. And finally, did I even have an account in the first place?
I've named several challenges, and here are existing solutions for those. Google sign-in allows you to use your Google account to sign up or sign in. Smart Lock is a frictionless way to save and retrieve passwords to sign in between Android and Chrome. And Android autofill is a low-touch way to remember and fill in passwords.
However, there's still a gap, and we'd like to solve two key challenges. First, there's overhead on you, as developers, due to not knowing what to implement, having to implement multiple solutions, and making sure that they all work together smoothly. You may not know which ones to prioritize. And properly integrating all of these is a challenge.
The second challenge we see is that despite our best efforts, many users simply don't save their credentials. Federated identity and password managers work great if the user chooses to use them. But we see that many of them still choose to manage their own accounts. They'll write their passwords down in a document, on a Post-it Note, or try to memorize them. And this could be for a variety of different reasons, including not understanding or trusting these solutions. Or they just want to get into their account and not be bothered at the moment they're trying to sign in. And unfortunately, many of these users end up recycling the same passwords or using insecure ones.
We heard your feedback on these issues and we're looking to make something better.
In order to tackle these issues and resolve them, we've been working on One Tap and Block Store, part of our new Google Identity Services Library. One Tap is our new cross-platform sign-in mechanism for web and Android, supporting and streamlining multiple types of credentials. Block Store is our new token-based sign-in mechanism that's built on top of backup and restore. Let me walk you through them, starting with One Tap.
To start with, there is a fragmented user and developer story. As I mentioned, our APIs don't currently support multiple credential types, requiring multiple solutions. You also have to worry about making sure that these solutions you use work together and make a good experience for your users. Of course, there's the constant problem of there being weak and reused passwords, which are always a security concern. Users can drop off if they don't remember their password, whether they used the password or a different mechanism, or if going through the trouble of making an account stops them in their tracks from using your app.
We'd like to solve these and make sign-in and sign-up both easy and secure. And we're introducing One Tap.
Here's what it looks like. Users can be prompted to sign into your app with one tap upon app open. They can also sign back into the same account with just one tap. Signing up once, signing in everywhere, and supporting several types of credentials, as well as cross-platform sign-in.
To get into some of the details, new users can sign up with just One Tap without being interrupted by a sign-up screen. Users get a secure, token-based passwordless account with their app associated with their Google account. On the passwords front, you can annotate your field so that Android autofill can save it. Or we have an explicit password-saving option with One Tap. All of these are synced automatically.
Returning users can sign into your app with One Tap on any device, whether they use a Google account or a password. All of these are available in the same interface to reduce friction and confusion for users, and help them come back to the same spot they left off. We've already seen better conversion rates from those who implemented this API, and we're really excited to see the benefit that it can bring to you.
Moving on to how this unifies the experience. A user can sign up anywhere with their Google account through One Tap. And again, this can be right after app open, allowing them to drop right into the action. They can sign back in seamlessly when they come back. Users can also save their password anywhere with Google, whether during the sign-up step or otherwise, on any Google platform. These will be synced and retrieved seamlessly with One Tap when they come back to your app. We're unifying the support of credentials on one interface and bringing together the Android and web platforms as well.
We've launched One Tap on both web and Android, and you can find documentation to the links on this page. We'd love for you to try them out and give us your feedback. And we really hope you find them helpful.
Now, moving on to a deeper dive on Block Store. As we all know, users need to sign into a ton of apps on day one of using a new Android device. This is true on phones, TVs, cars, and other platforms too. And as I said before, many users choose to manage their own credentials. The combination of these two things can lead to a really frustrating first-day experience, as people have to remember the credentials they use for each one of their apps. Ultimately, this friction can lead to some users not reengaging with their apps on a new device.
How can we help these users make sure they get back into your app with minimal friction? That's why we're introducing Block Store.
Block Store is a new API that provides a way to save user credentials without the friction or some of the security risks associated with saving user passwords. Here's how it works. When the user signs into your app, or anytime afterward, you can save the authentication token that you generate for that user to Block Store. And since this is app-specific data, no consents need to be shown that would slow the user's progress while they're trying to get into your app.
Once you save the token with Block Store, the token is encrypted and stored locally on the device. If the user has cloud backup enabled, the token is end-to-end encrypted and also stored in our cloud. The data is opaque to Google. And you can format your data in any form that your app and server can understand.
Later on, when the user returns to your app on a new device, if they go through either a device-to-device or cloud restore flow, Block Store will retrieve your token. The user has already agreed to restore your app data as part of the restore flow, so no additional consents are required. When the user opens your app, you can request your token and use it to keep the user signed in on the new device. They don't even have to see a sign-in screen.
Here's a recap of what Block Store provides. It's a secure end-to-end encrypted credential storage solution for developers. It reduces some of the risks associated with saving plaintext passwords by allowing you to save encrypted tokens instead. And it eliminates friction from sign-in flows by leveraging the user's backup and restore preferences.
We're hoping to start an early access program by the end of this quarter, so please reach out to us at the following email address if you're interested in joining. We'd love to have you.
So now to bring it all together. Here is our updated guidance with our new solutions. If a user signs up or signs in for the first time, you can sign the user up or in seamlessly with One Tap. If a user prefers to use a password manager, you can annotate your field so that credentials can be autofilled. You can also choose to implement the save password feature of One Tap. If a user buys a new phone, you can eliminate sign-in friction with Block Store. One Tap sign-in today covers Google accounts and passwords, and will also support Block Store token retrieval by the end of this year.
So to wrap things up, One Tap and Block Store will be part of the unified Google Identity Services Library called GIS. Block Store tokens will be retrievable using One Tap. And Google sign-in and Smart Lock for Passwords will be replaced by GIS.
We hope this library helps bring better sign-in and sign-up flows to users, and helps make things easier for you. If you have any feedback, we'd love to hear. We're listening, and are here for you. Thank you.
[MUSIC PLAYING]
