Let's face it: passwords are no longer secure enough for today's uses, with a never-ending onslaught of attacks succeeding far too often against a dated method of online security. People are generally horrible when it comes to choosing passwords, companies are equally bad at protecting their users and computers are becoming more powerful at cracking. It's the modern-day password problem.
Google believes that they have a solution to the problem, and it comes in the form of a very small USB authentication device known as the Yubico. With a slightly modified version of Chrome, when a user slides this tiny USB card in to a USB port on their PC it will automatically log them into their Google account. As the device is actually in the hands of the user it significantly reduces the chance of any unwanted external access to private accounts and sensitive data.
There are of course a few problems with Google's pilot project of these Yubico tokens, as if the small card is either lost or stolen it presents a security risk that could be greater than if you had simply used a password. Luckily, Google hopes to combine this tech with some form of simple on-computer authentication; Google VP of Security Eric Grosse says "We’ll have to have some form of screen unlock, maybe passwords but maybe something else" while the token will be the "primary authenticator".
Google also recognizes the daunting task at hand they have to get other websites in on a physical account authenticator such as the Yubico.
Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.
The protocol that they are using on the small USB device is apparently website-independent, so it's not just locked to providing a password for your Google account, and it's also software-free apart from requiring that your browser supports the hardware log-in method. Something such as this could potentially remove the need for long and complex passwords - which are basically required these days for maximum security - and imperfect two-step authentication.
If Google's pilot project is successful we may see a larger push from the tech giant to ditch passwords for this sort of USB key. Until then, please don't set your password as "password"; it only leads to disaster.
Source: Wired | Image via Google
58 Comments - Add comment