​Google wants you to log in once on Android - with any password manager

Google is backing the new OpenYOLO initiative to allow all password managers gain the autofill features that its own Smart Lock password manager offers on Android.


OpenYOLO will behave like Smart Lock, but instead will serve users who've stored passwords with a service such as Dashlane.

Image: Google

Google is developing an open-source API to ease the hassle of logging-in to apps, particularly for those who use unique passwords for each of their accounts.

​Poacher turned gamekeeper? GCHQ issues advice on safer passwords

UK surveillance and intelligence agency GCHQ has come up with a list of best practice advice on the use of passwords.

Read More

The API, dubbed OpenYOLO -- short for 'you only log in once' -- will give developers a secure way to use passwords stored in password managers to help users log in to their apps.

Dashlane will be the first password manager to support the open API, although it's hoped other popular password managers will join the cause to simplify authentication for Android apps.

"Google is excited to support the launch of this project with Dashlane and help create a new open standard for app authentication," said Iain McGinniss, a Google software engineer who helped build Smart Lock for Passwords on Android.

"This project is part of our longstanding support of open technology standards that provide great, secure user experience to end users."

According to Dashlane, the API isn't stable yet so it hasn't released any details about how it will function. However, similar to Google's own Smart Lock for Passwords, its overall aim is to reduce the friction associated with logging-in.

Smart Lock is a password manager built into Google accounts that pre-fills login credentials for Android apps and sites on Chrome across devices. Users see a Smart Lock prompt when attempting to access accounts whose passwords have been stored by it.

Dashlane told TechCrunch that OpenYOLO will essentially behave like Smart Lock, but instead will serve users who've stored their passwords with a third-party service such as Dashlane.

Google earlier this year also announced Abacus, another password-killing project that uses biometrics and other indicators, such as location, and typing patterns to authenticate users.

"This is an important initiative for our industry and for the state of user security," said Emmanuel Schalit, Dashlane's CEO said in a statement.

"Collectively, we are committed to increasing user security and believe that the best way to do this is to champion open-source security projects, which Dashlane has done earlier this year by becoming the first password manager to adopt the FIDO Alliance's Universal Second Factor (U2F) authentication standard. We look forward to expanding this collaborative project that will benefit the entire security industry."

Read more on passwords


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All