From passwords to ID tokens?
Google security experts have outlined an idea to replace our passwords with a so called YubiKey or ID token.
As our web activities are ever increasing we need to remember ever more passwords and log in names to make use of certain web services. But this could become something of the passed as Google is working on a ID device with which you’d be able to confirm your identity online.
In a reasearch paper Google experts have explained the idea of a new way of letting websites know that you are you, with the help of a physical token, perhaps embedded into a smartphone or even into a ring or other common object.
Common passwords are becoming more and more insecure and cause of the amount of passwords we need to remember also rather impractical.
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” the Google employees explained.
Grosse and Upadhyay said they are currently experimenting with a so called YubiKey, a tiny USB stick that implements highly secure “one time pad” cryptography to log in to Google services, as a replacement for passwords. In the future, they want similar authentication technology to work wirelessly and across all of a person’s online accounts.
“We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” Grosse said, Wired reports. “But the primary authenticator will be a token like this or some equivalent piece of hardware.”
Security experts have pointed to the problems with passwords for many years, and suggested alternatives, but none of them have seen wide spread adoption because they would require web services to adopt new security standards.
Grosse and Upadhyay’s research paper is attracting attention because they are coming from the world’s biggest web company, it may stand a better chance of success.
Microsoft founder Bill Gates predicted the death of passwords at a security conference in 2004, sadly we’re still typing in passwords online every day. Perhaps Google will be able to change what others in the passed could not.