Google searching for hardware alternatives to passwords
Posted on 22 January 2013.
Passwords are on the way out, it seems. With current boom - and obvious success - of phishing, it's time to see what could be a better alternative to this flawed solution.


Despite having considerable success with the two-step login authentication option made available to its customers, Google is looking in the direction of hardware authentication, reports Wired.

In a research paper written by Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay and soon to be published in the IEEE Security & Privacy magazine, the two authors will explain some of the newest experiments the company conducted in technologies that might supplant the ever-present password.

Google has in mind physical tokens: USB sticks, cryptographic cards (such as that manufactured by Yubico), smartphones and perhaps even "smart" jewelry.

They also created a new protocol for device-based authentication, which works without the user having to install special software. The protocol is independent of Google, but requires the use of a web browser that supports it in order to work.

With this, authenticating to your email or any other online account would be as easy as plugging in the key or card, tapping your smartphone or using a smartcard-embedded finger ring.

Of course, there are flaws in this whole plan, too. Your token or smartphone can get lost or stolen. Also, the smartphone (at least) would also have to be protected by a screen unlock code - so technically, you'd still be forced to remember a password, but the positive thing is that it wouldn't be complex.

"Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites,” they wrote, adding that they hope that other websites will also be eager to be included in the testing.






Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //