Google Makes Moves To Kill The Password

Passwords are long and complicated and hard to remember. And that's only if they're good passwords. No matter how you slice it, passwords are annoying and on top of that, they're not even all that secure. Google knows that all too well, and it's pushing for the next big thing. A ring maybe. Like for your finger.

Google has been getting behind two-step verification for a while, and although that's more secure than a standard password, it's also more annoying. Hardly a perfect solution. In a paper to be published later this month in IEEE Security & Privacy Magazine, Google's President of Security Eric Grosse and Engineer Mayank Upadhyay are pitching alternatives like cryptographic card for your USB, or some kind of (presumably NFC) ring.

Google has software in the making that would allow this kind of stuff to log you into a browser without involving any sort of software in the middle, just you and your browser. But even in the best possible future, it won't kill passwords completely. So long as your little key can be separated from you, you'll have to have a PIN or something, and the more conveniently short the PIN, the more important it is you don't lose that key. Still, it beats straight passwords and two-step verification annoyances. And the sooner the password can finally be laid to rest, the better. [Wired]

Picture: Florida3d/Shutterstock


Comments

    "log you into a browser" should be "log you in with a browser" the meanings are very much different.

      I think they do indeed mean "log you into a browser". You log into the browser and it syncs your bookmarks and preferences, maybe even logins for many websites, from the cloud.

    What happened to those finger print scanners on laptops? Never used them but couldnt that be used? Id rather that than an NFC which anyone can take from you

      A few Thinkpads I've owned/been lent by work have had fingerprint readers. All round a PITA and more trouble than they're worth. Multiple rejections waste so much time it's easier just to type in a password.

      I use one on my work laptop. That said, I think I read that there is only so many combinations of fingerprints. I think eye retina scanners allowed more unique combinations. Does the job for my laptop, but if the fingerprints aren't guaranteed to be unique, then I'm guessing there might be issues. Also, if you were compromised then you can't actually change your login. An NFC solution would just require a software reconfiguration or worse case, a new piece of hardware.

    If push came to shove I'd rather them take my ring than my finger. Mythbusters did the fingerprint scanner thing: http://www.myvideo.de/watch/671580/Mythbusters_Fingerprint_Lock

    So... who gets the one ring to rule them all?

    The problem with any authentication is that it can either be stolen or pwned.

    Passwords are especially weak since most people use the same one (or variations of the same) for everything.

    Thereafter degree of security is proportional to degree of inconvenience. It just depends on what you need to protect. Anything truly sensitive shouldn't be on an internet-capable machine.

    inb4 future Augmented Reality glasses technology requires various individuals biometric parameters before they will even turn on. So simply wearing them when they are on is primary authentication to everything they network to.

    Forget a ring, I'd get mine surgically implanted under my skin.
    1. I wouldn't lose it
    2. Good luck stealing it!

    There are more ways to compromise someone's account without knowing their password. For some examples, you have social engineering to get the answer to their forgot password question, hijacking their browser session, or more commonly compromising the database of passwords for users of a particular service.

    Majority of peoples accounts security are dependant on the service provider, allowing you unlimited login attempts is a huge problem, limiting the length of passwords is another (really annoying for us passphrase users), and as demonstrated most often by so-called anonymous hackers is having easy to crack databases which are then leaked to the public.

      +1 - Ghost in the Wires, Kevin Mitnick.

      Social engineering trumps all passwords.

Join the discussion!

Trending Stories Right Now