Dashlane and Google's OpenYOLO Password Manager Reaches Beta

Dashlane and Google have (finally!) brought their OpenYOLO password manager to Android. Developers can grab the code from GitHub and integrate the You Only Login Once tool with their mobile apps.

Dashlane first announced its OpenYOLO project way back in August 2016. The basic idea is to improve app adoption by smoothing over the login process. Complicated or annoying app signin processes can force potential users to abandon apps. Removing every possible barrier to app logins helps ensure first-time users will actually launch and use the app (at least once.) In order to do this, the OpenYOLO API lets developers access the passwords that end users have stored in password managers.

Google, Facebook and other internet companies have long supported app/service logins using their own credentialing tools. The OpenYOLO API goes a step further by incorporating third-party password managers, such as 1Password. This gives both developers and consumers more flexibility when it comes to authenticating apps.

Google approached Dashlane about this issue last year. It first created the SmartLock API, which allowed app developers to reach into the logins stored within Chrome. Not all developers want to rely on Chrome-based passwords, however, and Google alter agreed to embrace an open standard. Google and Dashlane have spent the last year working together and with other password managers to reach this week's release.

The project is open-source and sponsored by the OpenID Foundation, so it is freely available from GitHub for everyone to use and explore.

According to Dashlane, OpenYOLO allows developers to easily manipulate credentials for their application by interacting with the credential provider of the user's choice. This allows them to automatically sign users into the app using saved credentials; rapidly on-board new users by bootstrapping off of existing identities; and prompt users after sign-in/sign up to save their credentials for future automatic sign-in.

A typical sequence for sign-in flows would include an auto-sign-in by retrieving saved credentials, account creation, save valid credentials from third parties for future API calls, and, if necessary, delete stale credentials if the original source sign-in is no longer valid. Developers will need to add the OpenYOLO Api as a dependency.

Officially, OpenYOLO has reached the beta production ready stage and can be integrated into production applications. At launch, 1Password, Dashlane, and Google Smart Lock support the OpenYOLO API.

"The result?," says Dashlane, is "happier, more secure users and fewer lost signups and logins."

All the needed tools are posted on GitHub. Documentation includes a getting started guide, as well as code samples.

Be sure to read the next Authentication article: The W3C's WebAuthn Standard Could Do Away With Website Passwords


Comments (0)