Passwords are a universally hated method of authentication, but they're ubiquitous and pretty secure if used correctly. There's a problem with that last bit, though. A substantial number of users use, shall we say, suboptimal passwords, and very often reuse them across multiple services. The underlying problem is that a good password is either complex, long, or both. Conjuring one up and typing it in every time is an annoyance, to say the least. Google wants to put an end to that.
The search giant has begun a limited test of a security feature that allows user to login simply by clicking "yes" on a notification sent to his phone. If this rings a little familiar, it's because it's akin to what Yahoo is doing with its Account Key service. This is a sort of one-factor authentication method, relying solely on something you own, and dropping the "something you know" aspect of two-factor authentication. Occasionally, users may be asked for their password if Google thinks something's a little funny. If the phone is lost or misplaced, users can log in from another device and deauthorize the lost one.
Given that most people tend to have their phones nearby at all times, the new authentication method could add convenience as well as security. No more weak passwords, and phising attempts will likely prove less fruitful. According to TechCrunch, a Reddit user named Rohit Paul was recently sent an invitation to join a group whose users can try out the new authentication method. Google hasn't announced whether this feature will be made available to the general public yet.