14 DAY TRIAL // Google is moving forward with its quest to get rid of the password. Google already has one of the most advanced and secure login systems of all the major websites and has always been first to adopt or implement security features.
But just making passwords more secure is not enough, passwords themselves are problematic. Getting rid of them altogether would be a much better solution.
There are several proposed or existing alternatives to passwords, but none have stood out as a legitimate viable option.
Google has now joined the FIDO Alliance, a group of companies that is working on an authentication method which eschews the password.
There have been some rumors about Google working on an authentication device, something like a USB stick for example, and this is what FIDO, which stands for Fast IDentity Online, specializes in.
FIDO is working on a standard way of providing authentication online. It doesn't necessarily have to do with the device or method used for the authentication, but with the way in which websites can request authentication and in which users can provide it.
"Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication," Sam Srinivas, who leads information security at Google, said.
"We look forward to continuing our current development work on strong, universal second-factor tokens as part of a new FIDO Alliance working group," he added.
In practice, users would have an authentication device, which could be a USB device with a key or a fingerprint scanner or anything else of the sort.
The unique key provided by the device would be used by websites to provide access. This key would be hard to spoof and harder to obtain.
Smaller sites would be able to rely on authentication from a provider, like Google, rather than on the USB device. The advantage for users is that they won't have to remember passwords for each and every site.