Google looks to kill the password using tiny cryptographic card

Google logoGoogle engineers are experimenting with new ways to replace user passwords, including a tiny YubiKey cryptographic card that would automatically log people into Gmail, according to a report published Friday.

In the future, engineers at the search giant hope to find even easier ways for people to log in not just to Google properties, but to sites across the Web. They envision a single smartphone or smartcard device that would act like a house or car key, allowing people access to all the services they consume online. They see people authenticating with a single device and then using it everywhere.

Google looks to kill the password using tiny cryptographic card

"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay wrote in an article to be published in the engineering journal IEEE Security & Privacy Magazine, according to Wired.

Google's tinkering comes as the protection offered by the average password has never been weaker. As Ars explained last year in our article "Why passwords have never been weaker—and crackers have never been stronger," the combination of newer hardware, advances in cracking techniques, and the combined leakage of hundreds of millions of real-world passwords has made it easier than ever to crack the codes we all use to access our most intimate and business-critical secrets. Passwords are also vulnerable to phishing and other types of social engineering attacks as Wired reporter Mat Honan graphically and eloquently described last year when hackers erased large swaths of his digital life.

The YubiKey device Google is experimenting with uses a modified version of the company's Chrome browser, so there's no additional software to load. It automatically logs users in when the device is inserted in a USB reader. Google also has a protocol for device-based authentication that is not dependent on any of the company's technology. It hopes it will eventually be used widely.

"Others have tried similar approaches but achieved little success in the consumer world," the Google engineers wrote. "Although we recognize that our initiative will likewise remain speculative until we've proven large-scale acceptance, we're eager to test it with other websites."

Source: Ars Technica

Tags: Google, technologies

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)