Google searching for hardware alternatives to passwords
Posted on 22 January 2013.
Passwords are on the way out, it seems. With current boom - and obvious success - of phishing, it's time to see what could be a better alternative to this flawed solution.


Despite having considerable success with the two-step login authentication option made available to its customers, Google is looking in the direction of hardware authentication, reports Wired.

In a research paper written by Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay and soon to be published in the IEEE Security & Privacy magazine, the two authors will explain some of the newest experiments the company conducted in technologies that might supplant the ever-present password.

Google has in mind physical tokens: USB sticks, cryptographic cards (such as that manufactured by Yubico), smartphones and perhaps even "smart" jewelry.

They also created a new protocol for device-based authentication, which works without the user having to install special software. The protocol is independent of Google, but requires the use of a web browser that supports it in order to work.

With this, authenticating to your email or any other online account would be as easy as plugging in the key or card, tapping your smartphone or using a smartcard-embedded finger ring.

Of course, there are flaws in this whole plan, too. Your token or smartphone can get lost or stolen. Also, the smartphone (at least) would also have to be protected by a screen unlock code - so technically, you'd still be forced to remember a password, but the positive thing is that it wouldn't be complex.

"Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites,” they wrote, adding that they hope that other websites will also be eager to be included in the testing.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //