Passwords, weak or strong, are so yesterday. They’re so easily forgotten or stolen, that two researchers from Google Inc. are proposing users replace traditional passwords with encrypted USB-like devices to log into secured Web sites and online accounts.
In an article recently published in the engineering journal IEE Security & Privacy Magazine, Eric Grosse, vice-president for security at Google, and Mayank Upadhyay, an engineer with the search company, outlined several ways people can use alternative authentication tools to replace passwords.
They said Google was currently conducting an in-house experiment with a small cryptographic card called Yubikey that users can insert into the USB slot of a computer. When the user connects to a browser compliant with the pilot program, that browser will initiate an authentication process of the user.
It’s time to move beyond passwords
RSA touts password innovation
Is there affix for the password problem?
Upadhyay and Grosse said the authentication device could be integrated into a smart phone or a piece of personal jewelry such as a finger ring.
The device could authorize a new computer with a mere tap on the machine. The system which would be ideal for situations when cellular signal is not available.
Such an idea is not entirely new. The method has been in use by some companies for some time already although it has yet to catch on with consumers.
Google aims to use this method to enhance its two-step verification system wherein users logging into a Google service from a computer are prompted to enter a password sent to their pre-registered mobile phone.
Of course the idea of using a smart phone or a real ring as an authentication tool is not foolproof. Those who have ever misplaced their mobile phone or wedding band, please raise your right hand.
Read the whole story here