Sometimes usernames and passwords are very hard to remember these days, with different online companies having different requirements for a good password - long, short, numbers, case sensitive etc. Then you would have to remember all these different passwords for doing different online things - email, bank, social media, Newspaper sites etc. Well Google hopes to remove these terrible thoughts by experimenting with different hardware that will act as your "online password", with examples being a smart ring for your finger, a cryptographic USB stick, or a token embedded in smartphones.
This idea is to hopefully prevent remote hackers from accessing your online-based accounts through the traditional stolen usernames and passwords. And unless they physically steal your login device, then there is no way that they will be able to gain entry.
One of the ways Google are experimenting with is a tiny Yubico cryptographic card that when you slide it into a USB reader, it will automatically log that person into Google. Modifications to Google's web browser was necessary to make it work with these cards, but no software download would be needed once browser support was there.
Passwords are a cheap way to authenticate users to their online accounts, but are not secure enough for today's internet.
Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay agrees: "Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe."
"Passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe."
They [Eric Grosse and Mayank Upadhyay] also think that they'd like to make things even easier by making "your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity."
There are current methods that will allow this type of security, for example, a fingerprint scanner. These devices are made to track your finger with the highest precision available. (That is of course, talking about the good quality fingerprint scanners.) You can just swipe a finger on the device and it will automatically log you in to the respective service.. and the only way to gain access to your services would be if they physically cut your finger off!
The future may not exactly be password-free, but it will at be least free of those complex, hard-to-remember passwords, says Grosse. “We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he says, “but the primary authenticator will be a token like this or some equivalent piece of hardware.”
No comments:
Post a Comment