- dotTech - https://dottech.org -

Google wants your next password to be your phone or a ring on your finger

googlelogo [1]

The traditional password is now considered by many to be a security flaw. A combination of characters that can be cracked or even guessed is probably not the best way to safeguard our online lives today, and services like LastPass or 1Password provide an alternative through their software-generated passwords. But is there a better way to do it? Google seems to think so — and they want it to be physical objects.

A new research paper by the company will be published this month in the IEEE Security & Privacy magazine, but Wired already has a few details from the paper. The research done by Google involves numerous alternatives to the way we log into sites today, and the similarity between all of them is that they require physical devices. With these new methods, they aim to make password process not only simpler, but more secure.

One of the systems would involve embedded chips in smartphones. This would make sense because most people who would use a new kind of log-in process would probably have a smartphone anyway, and it’s something you always have with you. A more unusual method described in the research paper would use rings with embedded security tokens in them to log you in. While this could be convenient, I’m not sure how many people would like to have a ring on them just for their email password.

Something that is much more feasible at the moment is what they’re working on with YubiKey cryptographic cards, programming it to automatically log in a user when inserted into the USB port. This method doesn’t require any additional software, just a modified version of Chrome. Google is also working on a universal protocol that allows for device-based authentication, which would work independent of the company’s services, and would only require a browser to support the standard.

For now, we’re gonna have to look to Google’s two-step authentication, or services like LastPass if we want any added security. Despite the potential conveniences that Google’s proposed methods can bring, widespread adoption is probably a long ways off. But the important thing is, they’re working on it. And someday, all we’ll need for our computers to log us in would be our phone. Or a key. Maybe even a ring on our finger.

[via TechCrunch [2], Wired [3], image via Robert Scoble [4]]