Web & Social
Google is joining the chorus of critics that say traditional passwords are no longer adequately secure. In a research paper to be published this month, two of the company's security experts write "we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe." Instead, as Wired reports, Google envisions a new form of authentication that would let users quickly sign into websites with the help of a minuscule USB key. Its researchers have been fiddling with YubiKey's cryptographic cards in particular, and have found that it takes only a few modifications to Chrome to get a seamless login process running smoothly. But Google wants things to be even easier than that — with eventual goals like fitting these physical security "tokens" into a ring on your finger, or perhaps integrating them directly within smartphones.
Tap your ring against a PC to sign in
Obviously for that to happen, the company will need to amass widespread support across the web. And it wants to lay the foundations for that mission fairly soon. "Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.” A protocol has been created for this device-based authentication method, and it's said to work independently of Google, assuaging concerns of those who feel the company collects enough personal data as is. Don't expect passwords to be phased out anytime soon, but there's reason to believe we'll eventually be able to bid farewell to two-step authentication and randomized, impossible-to-remember logins.