Google Aims To Eliminate Need For Passwords, Looks To Cryptography

rated by 0 users
This post has 4 Replies | 0 Followers

Top 10 Contributor
Posts 24,935
Points 1,118,650
Joined: Sep 2007
ForumsAdministrator
News Posted: Sat, Jan 19 2013 1:47 PM
Most of us have dozens of passwords to remember, including for multiple email accounts, Google, Facebook, online banking and credit card accounts, services like Dropbox and Evernote, and on and on, and it’s simply a pain. It can be difficult to create a strong password that you’ll actually remember, and it’s not smart to use the same password for multiple accounts, so you end up with dozens of complex passwords that are as unique as snowflakes.

Worse, even with good passwords, you can still be cracked, hacked, or phished. Security measures such as two-factor authentication help, but facing two or three screens before you can log into to your checking account is time-consuming and annoying.

Google cryptography
Secure USB key (Image credit: Google, via Wired)

Google is tackling this issue by looking into using cryptography. According to Wired, which apparently got a sneak peek at a paper a pair of high-ranking Googlers will soon be publishing in IEEE Security & Privacy Magazine, that could include USB cryptography cards, a smart card-embedded ring, or authenticated devices such as your smartphone to securely log in to your online accounts.

Wired compares devices like a cryptographic USB card or authenticated smartphone to a “car key” for your online life; without it, nothing can start. (Unless, to follow the metaphor, you get hotwired.)

While a USB card would be a physical key of sorts, other devices such as a smart ring would use some sort of wireless protocol, which Google is reportedly developing. Wired says that the protocol would not be a Google product per se, indicating that it would work on any site that implements the measure.

This technology can’t come soon enough. Hopefully in just a few years we’ll be laughing about the bad old days of usernames and passwords.
  • | Post Points: 50
Top 10 Contributor
Posts 8,446
Points 102,230
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sat, Jan 19 2013 8:24 PM

Laugh until someone steals this little gizmo and digitally rapes you.

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

  • | Post Points: 5
Top 100 Contributor
Posts 902
Points 8,350
Joined: Mar 2012
Location: LA, CA
sevags replied on Sat, Jan 19 2013 8:31 PM

Exactly!!!!!! Keys work great for cars if you lose your keys it almost never means that you will be losing your car or its contents as well. I have a spare at the house, you can het a ride from a friend, taxi, bus, and it becomes a huge inconvenience to lose cars keys... Losing your cellphone or a secure key card like this and on could be SCREWED risking access to all your information, and what if you lose it while on a business trip and can't access files you need for work etc. Almost 10 years ago Paypal introduced a digital keyfob that generated a pass key every X hours for free so I ordered it tried it out and a week into it forgot th keyfob at home and had no way of accessing the addresses I needed to ship items. I deactivated the fob and went back to good ol' passwords.

  • | Post Points: 5
Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Sun, Jan 20 2013 12:33 AM

Here's my solution: Instead of a stupid ****ing key that will *always* be in the laptop, do this:

A program that syncs between the laptop BIOS and your smardphone. When your phone is in range = good. When not in range and answering the crypto correctly... sleep mode. Then, if someone steals your computer, they get a brick with a password-protected BIOS and full-drive encrypted system.

Have the syncing process generate a 64-digit key that people can manually enter if their phone dies or is stolen. They can write this down and keep it in their fire-safe at home.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Top 500 Contributor
Posts 227
Points 1,740
Joined: Nov 2012
ForumsAdministrator
Moderator
scolaner replied on Tue, Jan 22 2013 10:21 AM

Good points, but the whole idea is that the "key" stays with you the user, not with your computer, be it a ring or an authenticated smartphone. The idea you propose is, as far as I can tell, exactly what Google is looking at doing with the ring--which, IMO, is a way better idea than using a smartphone. (Rings tend to stay on your fingers. Smartphones tend to get lost or stolen.)

  • | Post Points: 5
Page 1 of 1 (5 items) | RSS