Google is proposing various ways to avoid the need for long and numerous passwords.
One of the big problems surrounding identity theft and account hacking is that people tend to use poor passwords (AKA easy to figure out), and/or the same password across multiple accounts. To make matters worse, the typical web surfer has logins for numerous accounts ranging from social to banking to online shopping which typically hold credit card or other sensitive information.
That said, no one really wants to use hard-to-remember passwords with letters, capitals, numbers and symbols, and they definitely don't want to keep up with more than a few. Google totally understands this, and is aiming to eliminate the password altogether by developing a makeshift ring-finger authenticator. This is expected to not only alleviate the need to remember passwords, but make accounts even more secure.
"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay state in a new research paper. It's slated to be published later this month in the engineering journal IEEE Security & Privacy Magazine.
One of the new methods Google is proposing is a tiny YubiKey cryptographic card that can automatically log users into Google when slipped into a USB port. There's no software to download on the computer side – support will be built into Chrome. To set it up, the user simply loads the Chrome browser, log into Google, plug in the USB stick and register it with a single mouse click.
Google already incorporates the smartphone in its two-step authentication process. Every thirty days, a user is sent a special code that must be entered to verify the password. If you use a different browser or a different desktop/laptop/mobile device, another validation code is sent to the smartphone. In some cases, users must create application-specific passwords.
But using a YubiKey would make logging into Google much simpler. It would be even better if it used NFC technology so that users simply touch an NFC-compatible laptop or desktop. "We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," the paper adds.
To read the full report on Google's move to remove passwords, check out Wired's report here.