Passwords are on the way out, it seems. With current boom – and obvious success – of phishing, it’s time to see what could be a better alternative to this flawed solution.
Despite having considerable success with the two-step login authentication option made available to its customers, Google is looking in the direction of hardware authentication, reports Wired.
In a research paper written by Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay and soon to be published in the IEEE Security & Privacy magazine, the two authors will explain some of the newest experiments the company conducted in technologies that might supplant the ever-present password.
Google has in mind physical tokens: USB sticks, cryptographic cards (such as that manufactured by Yubico), smartphones and perhaps even “smart” jewelry.
They also created a new protocol for device-based authentication, which works without the user having to install special software. The protocol is independent of Google, but requires the use of a web browser that supports it in order to work.
With this, authenticating to your email or any other online account would be as easy as plugging in the key or card, tapping your smartphone or using a smartcard-embedded finger ring.
Of course, there are flaws in this whole plan, too. Your token or smartphone can get lost or stolen. Also, the smartphone (at least) would also have to be protected by a screen unlock code – so technically, you’d still be forced to remember a password, but the positive thing is that it wouldn’t be complex.
“Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites,” they wrote, adding that they hope that other websites will also be eager to be included in the testing.