Passwords have been around in the tech arena for a really long time. And over time, although they have grown complex, they are a rather poor security tool, as many recent hacks have suggested. Many have been proposing that technology must move on and find an alternative. Google apparently agrees with that as it explores new alternatives to passwords.
During the year 2012, password officially broke down. There were countless instances where passwords were breached, accounts were hacked, data was stolen from the user and irreparable damage was done to their digital lives. Throughout the year, it was well manifest that password has probably reached the end of the line and we need something more secure to ensure digital security.
Google’s security team is well cognizant of this and has penned down a new research paper over the issue. The paper has been penned down by Eric Gross, Google’s Vice President of Security and Engineer Mayank Upadhyay. Commenting on the security provided by passwords, the duo writes, “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.”
The idea that both researchers are exploring is to follow a model where the user would be required simply to authenticate only a given device. Once the user authenticates the device, he will then be able to access all his accounts from that device without any hassle.
The alternatives that the team is exploring includes a certain Yubico cryptographic card. Once a user slides the card into a USB reader and connects it up to a given computer, the Chrome browser is automatically able to draw the user’s credentials from it and log him into his online accounts.
The paper further mentions, “We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.” According to it, we may not be able to do away with passwords altogether. Rather, it may take a backseat, required for some sub-important authentication whereas some other mode may be used to ensure primary authentication.
The duo also mentions something of a ring embedded with the required hardware to replace the passwords. The user can simply tap the surface of a mobile device and wirelessly supply his login information. However, a minor problem with both the Yubiko card and the ring is that they can be lost, stolen or misplaced. In that case, we will also require backup options to further secure these alternatives.
Courtesy: Wired
[ttjad keyword=”security”]
a hardware key / dongle isn’t exactly the holy grail of security either…
Especially when its used to authorize a device, which might also be used by others, or which might be stolen or lost in its authorized state…