I agree with Google's sentiment that passwords are a thing of the past
When I say “thing of the past” I don’t mean that the world is golden and nobody uses them anymore because we all trust each other not to do anything malicious should an unauthorized party get their hands on our phone. I mean “thing of the past” as in they just don’t work anymore; they’re too easily broken into and are extremely prone to hackers even more now as time has allowed them to develop better and stronger programs.
If a virus becomes resistant to a certain medicine, it’s because the virus has adapted to the environment and has evolved for survivability. Hackers are very much the same way – you don’t want them around, but without changing the formula of the “medicine” (in this case, passwords) there’s really not much you can do about them if they set their sights on you. So what’s the solution? To change the very nature of how passwords work; which is exactly what Google’s security team is aiming to do.
Later on this month, Google is set to publish an article in IEEE Security & Privacy Magazine outlining the details of a new method of security by use of a ring on your finger, but not just any old ring. This ring would be equipped with a special chip that would be used for authentication of authorized persons on a device. To describe the ring and what it would do a little more thoroughly, in Google’s words:
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,”
While the “ring” itself is still in development, currently the company is experimenting with a tiny Yubizo cryptographic that can automatically log a person into Google once the device is inserted into a USB reader.
The hope is for the method to gain enough support to be a mainstream security method for the future of the internet. For this to work, other websites will need to be used as pawns. While several attempts at similar methods of changing the face of security have been made, clearly none have succeeded as most of us still use the same song and dance to get access to our personal accounts.
That being said, this device doesn’t come without risks. Should your personal “security device” (in whatever form it may come in) get stolen you’re probably going to have a hard time getting it back. I think as long as this device is considered as personal as a cellphone, we should have a way of remotely wiping the device in an emergency. Perhaps that’s one area where passwords would still be necessary, as you wouldn’t be able to log in to wipe a stolen device if your device has been, well, stolen.
I think if Google plays their cards right, this new technology could become mainstream. The concept is good, but the details definitely still need to be worked on. I’ll be keeping my eye out for the article to read more on it, but so far this teaser has sparked my interest enough to see where this idea goes.
What do you think of Google’s new “key” to your privacy? Would it be something you’d be interested in? Let me know your thoughts on this new security method in the comments!
Image via Google