Will tiny gadgets replace passwords? Google thinks so
It may be quick, easy, and free to use your email and an ordinary password to log into things, but it's not as secure as it used to be — and who wants to remember a bunch of passwords anyway? In a new paper, Google engineers describe some futuristic security options.
Eric Grosse and Mayank Upadhyay, in a paper to be published later this month in IEEE Security and Privacy Magazine, explain that the world is getting too complicated for the old username/password combo to be effective anymore.
Wired got a peek at the paper, which describes a couple of new methods. One that's easy enough to deploy widely is to use a tiny, unique USB key, like the Yubico key, that contains a special cryptographic code that identifies you to online services.
Such a device would help with what's called multi-factor authentication: when you log into a site from a new computer with the correct username and password, the site might text your phone or do some other secondary check to make sure it's really you. The Yubico key does this simply and could be built into browsers and websites fairly easily.
Another option would be to have something on your body at all times, like a ring, that has a tiny wireless chip embedded in it. You could just tap it on the computer and it would know that you were indeed right there, using that computer to log into your email or cloud service.
Of course, in either case, if you lost your gadget or someone stole it, whoever ends up with it has a pretty important piece of your online security, and you'd have to get it cancelled in short order — but that risk, in Grosse and Upadhyay's opinion, is worth it for the benefits.
The problem is that people tend to do only what's required of them, and won't move to a more sophisticated system like this until there's a very good reason to do so — apart from the phantom threat of being hacked.
Once a few of the major Web browsers and Internet services support a few of these new methods (Google is working on making Chrome work seamlessly with the Yubico key), setup could be as simple as buying a $5 dongle.