"They're silently observing your behavior," Maler said.
Such techniques can go a long way toward augmenting passwords, Maler said. However, users will still have to choose much stronger passwords than they do today. In its 2012 list of worst passwords used on the Web, SplashData found the top three passwords to be "password," "123456" and "12345678."
The use of any device in authentication opens up the possibility of having it lost or stolen. One answer would be biometrics to established the identity of the user. "There needs to be an accompanying mechanism to ensure that your device can only be used by you," said Dan Olds, an analyst with the Gabriel Consulting Group.
How far Google can take its ideas toward widespread adoption remains to be seen. But recognizing and trying to solve the password problem is a step in the right direction.
"It's about time we got serious about replacing passwords," said Andrew Storms, director of security operations at nCircle. "Maybe news of Google's experiments will encourage other vendors to look seriously at alternatives."
Sign up for CIO Asia eNewsletters.