Google's password proposal: one ring to rule them all

In a forthcoming paper, Google engineers float the idea of supplementing passwords with hardware that you wear. Or carry. Or slip onto a finger.

(Padlock image by AzaToth, public domain; CBSi)

Hardly a day goes by without some high-profile person's — along with countless people of lower profile — account hacked. Weak password, stolen password, non-existent password; whatever the cause, breaking into our digital lives is easy — and getting easier.

That's why Google has said that passwords are no longer the best solution for sensitive accounts. "We contend that security and usability problems are intractable," wrote Google's Eric Grosse and Mayank Upadhyay, in an article to be published later this month in IEEE Security & Privacy. "It's time to give up on elaborate password rules and look for something better".

One idea: a ring that authenticates a user's identity so a password doesn't have to.

As first reported by Wired, "something better" will likely involve hardware. Google has already made a significant foray into this arena with two-step verification, which combines something the user knows (a password) with something the user has (a single-use code, sent to a smartphone connected to the account). The paper says that "millions" use two-step verification, and that it's among the largest services of its kind in the world.

But it can also be a pain. Grosse, Google's vice president of security, and Upadhyay, an engineer, said that "not nearly enough of our users are protected" by the two-step service. In the paper, they propose an alternative: a "USB token" tied to the user that plugs into a computer's USB port, which then communicates its identity via a website, and in so doing, grants the user access to his or her accounts without the need for passwords.

The authors noted, however, that it may be difficult to persuade people to buy USB tokens. Instead, they speculated, what if it was integrated into something a person was more likely to carry, which could communicate with the computer via near-field communication or Bluetooth?

"Some more appealing form factors might involve integration with smartphones or jewellery that users are likely to carry anyway," the authors said. "We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity."

The article is well worth reading in full. It will be posted online by 28 January at this website, a spokeswoman said.

Via CNET.com

Previous Story

Kim Dotcom's 'Mega' goes live

Software
Next Story

Beware fake Java updates



Add Your Comment 2


Post comment as
 

SowrabhB posted a comment   

one step closer to a horrible world of microchip implants.

 

Chandler posted a reply   
Australia

Why horrible? We've been implanting our beloved pets with microchips for many years...




Sponsored Links

Recently Viewed Products