Google is Pushing to Kill Passwords

One of the big problems surrounding identity theft and account hacking is that people tend to use poor passwords (AKA easy to figure out), and/or the same password across multiple accounts. To make matters worse, the typical web surfer has logins for numerous accounts ranging from social to banking to online shopping which typically hold credit card or other sensitive information.

That said, no one really wants to use hard-to-remember passwords with letters, capitals, numbers and symbols, and they definitely don't want to keep up with more than a few. Google totally understands this, and is aiming to eliminate the password altogether by developing a makeshift ring-finger authenticator. This is expected to not only alleviate the need to remember passwords, but make accounts even more secure.

"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay state in a new research paper. It's slated to be published later this month in the engineering journal IEEE Security & Privacy Magazine.

One of the new methods Google is proposing is a tiny YubiKey cryptographic card that can automatically log users into Google when slipped into a USB port. There's no software to download on the computer side – support will be built into Chrome. To set it up, the user simply loads the Chrome browser, log into Google, plug in the USB stick and register it with a single mouse click.

Google already incorporates the smartphone in its two-step authentication process. Every thirty days, a user is sent a special code that must be entered to verify the password. If you use a different browser or a different desktop/laptop/mobile device, another validation code is sent to the smartphone. In some cases, users must create application-specific passwords.

But using a YubiKey would make logging into Google much simpler. It would be even better if it used NFC technology so that users simply touch an NFC-compatible laptop or desktop. "We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," the paper adds.

To read the full report on Google's move to remove passwords, check out Wired's report here.

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
34 comments
    Your comment
    Top Comments
  • Anonymous
    I prefer using the "Middle Finger Authenticator" method
    22
  • pocketdrummer
    What happens when you lose the USB key?
    16
  • mousseng
    "no one really wants to use hard-to-remember passwords with letters, capitals, numbers and symbols"

    Then don't. :l
    11
  • Other Comments
  • mousseng
    "no one really wants to use hard-to-remember passwords with letters, capitals, numbers and symbols"

    Then don't. :l
    11
  • Vorador2
    You can use KeePass, even using a file as password.
    6
  • tirvon
    This is a good idea, until people learn to steal the usb identities on public computers like they have been credit cards, by placing scanner devices over the magnetic strip readers on ATMs, and saving the person's card's data. Now all they have to do is copy that info. onto a frash drive, and plug it into a pc while logging into chrome and "hey look, my email got hacked....again."
    8