Google is looking to Finish System of Passwords
A latest Google research paper reveals the lack of protection passwords offer internet users and the growing need to reinvent the authentication system to ensure safe surfing.
The report, set to be published in the IEEE Security & Privacy Magazine later in January but already interested by Wired Magazine, puts forward a very strong argument for the abolition of traditional internet passwords in favor of a physical token such as a 'smart ring' or a card that connects to the computer via the USB slot.
Google would be set to replace them entirely and is experimenting with USB keys, mobile phones and even jewellery that can act as a physical "key" to give users access to their account.
"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," write Google's Eric Grosse and Mayank Upadhyay in the paper.
"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," they continue.
The report highlights the difficulty users have in creating and remembering strong and unique passwords for each of their online services and also shows the progress Google has already made in adopting its own services to work with a YubiKey - a small cryptographic card - which, when connected to a computer's USB port, automatically logs the user into Google.
Almost a week goes by without a report of a high profile website or web service - from Google Mail to Yahoo to Sony - being hacked and account details being compromised.
In August a single Drop Box employee's account was hacked and the attackers obtained a list of users' email addresses.
In June last year, hackers stole 6 million LinkedIn passwords and posted them to a Russian site to crowd source the key to their encryption.
At the same time the threat of malware and phishing attacks has never been greater. Use of a physical token for identification would cancel out all of these threats, and if any company has the power and influence to change the way users are authenticated on the web, it is Google.
The Yubikey, which is believed to have been tested by Google, can automatically log users onto all their accounts without ever asking for a password by placing it into a Google laptop.
The tiny key can be used in any machine with a USB drive, and acts as a physical "key" to unlock the user's account.
It can automatically log users in to all of their accounts, and even into their favourite websites, without ever asking for a password.
In the upcoming issue of IEEE Security and Privacy Magazine, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay are set to detail what is basically a physical key with a "smart chip" embedded inside it.
The firm is also believed to be experimenting with wireless chips that are already built into some mobile phones, and can even be built in jewellery.
'We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,' the team write.
The firm is also believed to be addressing the obvious problem with the system - users losing their "key".
The USB Keys can be placed on a keychains, and are similar to the ID readers required by many banks to allow people to log into their accounts However, the pair admits that they will have to rely on websites to support the scheme.
The USB keys are resilient to being dropped, and can even be taken underwater without ruining them.
You may also Like :-
3. Facebook allows free calls for iPhone users
Read more...
No comments:
Post a Comment