Google is joining the chorus of critics that say traditional passwords are no longer adequately secure. In a research paper to be published this month, two of the company's security experts write "we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe." Instead, as Wired reports, Google envisions a new form of authentication that would let users quickly sign into websites with the help of a minuscule USB key. Its researchers have been fiddling with YubiKey's cryptographic cards in particular, and have found that it takes only a few modifications to Chrome to get a seamless login process running smoothly. But Google wants things to be even easier than that — with eventual goals like fitting these physical security "tokens" into a ring on your finger, or perhaps integrating them directly within smartphones.
Tap your ring against a PC to sign in
Obviously for that to happen, the company will need to amass widespread support across the web. And it wants to lay the foundations for that mission fairly soon. "Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.” A protocol has been created for this device-based authentication method, and it's said to work independently of Google, assuaging concerns of those who feel the company collects enough personal data as is. Don't expect passwords to be phased out anytime soon, but there's reason to believe we'll eventually be able to bid farewell to two-step authentication and randomized, impossible-to-remember logins.
We'll email you a reset link.
If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.
Choose an available username to complete sign up.
In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.