Google updates authentication system to make it more appealing to developers and users.
Google Barge: 10 Informative Images
(click image for larger view)
Google on Wednesday enhanced its sign-on mechanism, Google+ Sign-In, by expanding availability, simplifying migration from other systems, and implementing a way for apps to obtain permission gradually rather than all at once.
Introduced in February as a follow-up to Google's Friend Connect service and as an answer to Facebook Login, Google+ Sign-In was created to enable the use of Google+ credentials for authentication at third-party websites and mobile apps. It was subsequently updated to support cross-device single sign-on, allowing, for example, a user to begin a transaction on the web and then complete it at some later time on his or her Android device after being automatically re-authenticated.
This latest update makes Google+ Sign-In available for all Google account types, including Google Apps customers and for Google users without Google+ profiles.
Google has also create a migration guide to help developers convert code that integrates other authentication schemes, like OpenID v2 or OAuth 2.0.
Perhaps most importantly, Google+ Sign-In now supports Incremental Authentication, a way for apps to ask for specific permissions at the time they're needed rather than immediately upon opening the app. Obtaining just-in-time consent, in theory at least, provides a better user experience because it helps users understand the context in which permissions are requested. A mobile app user inclined to refuse a request for Internet access as a result of privacy fears might be less likely to balk when it's clear that the app requires Internet access to send a message.
Asking for a minimal set of permissions up front and additional access as needed "not only helps users understand how their information will be used in your app, it can also reduce friction and increase app engagement," explains Google product manager Yaniv Yaakubovich in a blog post.
The downside to this approach is that it's more complicated: Developers have to plan for multiple interruptions in their apps, each of which may require its own permission interface and graphics. But done correctly, it should result in a better user experience.
In a recent phone interview, Seth Sternberg, director of product management at Google, said Google has been really pleased with the update of Google+ Sign-In, noting that it tends to be either the No. 1 or No. 2 login system in apps where it has been deployed. "Users just really trust Google," he said. "They're not worried that they'll end up spamming their friends, for example. Google+ Sign-In brings with it all of the security features that we built for ourselves."
Sternberg said that developers have been reporting increased velocity of registration, always important for retaining customers. He said that social commerce site Snapette, for example, reported a 16% daily increase in user registrations after implementing Google+ Sign-In.
"For developers, if they can get more signed-in users, that's a really big deal in terms of product engagement and, ultimately, revenue," Sternberg said.
There are other advantages to using Google+ Sign-In as well. Sternberg pointed to Fitbit, which has used Google's authentication mechanism in its desktop app to get users to agree to receive its Android app. With user assent, Google will automatically install Fitbit's Android app on the user's Android device(s). Sternberg said 60% of Fitbits users have done so. "They never touch the app, it just appeared. That's very, very powerful for driving Android app installs."
Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. He is the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOS, Android, and Kindle Fire.
Consumerization 1.0 was "We don't need IT." Today we need IT to bridge the gap between consumer and business tech. Also in the Consumerization 2.0 issue of InformationWeek: Stop worrying about the role of the CIO (free registration required).
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.