Google engineers are experimenting with new ways to replace user passwords, including a tiny YubiKey cryptographic card that would automatically log people into Gmail, according to a report published Friday.
In the future, engineers at the search giant hope to find even easier ways for people to log in not just to Google properties, but to sites across the Web. They envision a single smartphone or smartcard device that would act like a house or car key, allowing people access to all the services they consume online. They see people authenticating with a single device and then using it everywhere.
"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay wrote in an article to be published in the engineering journal IEEE Security & Privacy Magazine, according to Wired.
Google's tinkering comes as the protection offered by the average password has never been weaker. As Ars explained last year in our article "Why passwords have never been weaker--and crackers have never been stronger," the combination of newer hardware, advances in cracking techniques, and the combined leakage of hundreds of millions of real-world passwords has made it easier than ever to crack the codes we all use to access our most intimate and business-critical secrets. Passwords are also vulnerable to phishing and other types of social engineering attacks as Wired reporter Mat Honan graphically and eloquently described last year when hackers erased large swaths of his digital life.
Click here to read more.
SOURCE: Ars Technica