Can hardware help kill the password? Google thinks so

Google engineers say they have been experimenting with hardware that would act as a master key for online services.

By Jared Newman, PC World |  Security, Google, passwords

To help the Internet move on from usernames and passwords, Google wants to put a ring on it.

Google's engineers have been experimenting with hardware that would act as a master key for online services. Examples include a smart ring for your finger, a cryptographic USB stick, or a token embedded in smartphones. Google vice president of security Eric Grosse and engineer Mayank Upadhyay outline their proposal in a research paper for this month's IEEE Security & Privacy Magazine, according to a report in Wired.

The idea is to prevent remote hackers from accessing online accounts through stolen usernames and passwords. Without physically stealing the login device, they'd have no other way to gain entry.

Some Web services already offer this type of security through two-step authentication. For instance, when you sign into Gmail on an unrecognized PC, you can have Google send a text message to your phone with a validation code. Once you enter the code, Gmail can remember that PC indefinitely.

The problem with two-step authentication is that it's cumbersome to validate all your computers, and to go through the process just to check e-mail on a friend's computer. Signing in when your phone is out of service can be an issue as well, although Google does provide 10 backup codes for that situation.

A physical device--ideally one that could communicate wirelessly to computers--would make the process easier. "We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," Google's engineers write.

Of course, relying a ring or other device to log in raises its own challenges. There'd have to be a backup sign-in method--one that's more secure than just a password--in case the device becomes lost or damaged. And while a ring or other contact-based device would help protect users from faraway hackers, it'd be easier to steal by spouses, co-workers or children. Google's engineers admit that they might still need to require passwords, but those passwords wouldn't have to be as complex as today's hacker-proof formulas. Also, not everyone will want to wear a ring or carry their phones around all the time just to use their computers.


Originally published on PC World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question