Passwords are unsafe because they're too complicated, Google thinks

Jan 18, 2013 20:11 GMT

Online security, in case it's not obvious enough, is more important than ever. More people do more things online than ever before and their numbers are growing. There's more to be gained from stealing passwords, breaking into accounts and so on, and even as security measures get better, hackers become more determined.

One of the big weak spots in online security is passwords. The idea of passwords and the technology around them are not the problem. The problem is that people have to remember long, complicated passwords, different for each account they use.

In most cases, instead of dealing with the hassle, people just use the same simple password over and over again. Educating people on why that's dangerous and what they can do to better protect themselves is great, but it's not the solution.

The solution, Google thinks, is a small USB key that stores your online credentials, or maybe a ring or even your phone.

In any case, it would be a physical token that not only alleviates the problem of having to deal with multiple passwords, login screens and so on, but also can't be copied easily. Someone can "steal" your password from half a world away, but they can't take a USB key that is in your pocket.

In a new research paper to be published later this month, Google's security team lists some of the ways a physical token could work. They've even come up with a protocol to be used by these devices for authentication.

The team set about modifying Google Chrome to work with a YubiKey, a cryptographic USB card that can already be used for password management. With the modifications, Chrome worked with the YubiKey automatically, no configuration needed.

In the future, though, Google thinks things could be even simpler and completely wireless: a ring on your finger, or even your phone, could act as your authentication device.