Google duo says it's time to get past the password

Yubico USB
A YubiKey from Yubico

Hate remembering your password? Well, apparently Google isn't that big a fan of those cryptic codes either.

Two Google employees have even gone so far as to declare war on the password. Well, they may not be sharpening any bayonets, but they have written a paper on the matter.

And honestly, many wars start with a sternly worded letter.

The paper by Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay is due to be published later this month in engineering journal, IEEE Security & Privacy Magazine.

"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," Grosse and Upadhyay wrote in the paper, according to Wired.

Security key

We've all seen the problems with passwords. They can be hard to remember and easily stolen without the user's knowledge. Hackers have developed several methods to trick people into giving up their passwords or circumvent the system.

That is why the team seems to favor physical solutions to the password problem - like a device that will log users into their accounts automatically by physically interacting with a computer.

A few ideas include a USB key like those created by security company Yubico, or a smartcard-embedded ring that logs users onto their email accounts just by tapping it to a computer.

According to Wired, the duo is tinkering with a cryptographic card from Yubico that slides into a USB reader, allowing users to automatically log into Google.

Grosse and Upadhyay want the functionally to work with these types of authentication devices and blend into the fabric of web browsers. That way users won't have to download any additional software to make the technology work.

Users would have to log into their accounts and could authenticate the device with just one click. After that, the device would automatically log users onto their accounts when it's near or plugged into a computer.

Password unprotected

Grosse and Upadhyay aren't alone in the matter. Google has always attempted to make their accounts more secure.

"We're focused on making authentication more secure, and yet easier to manage," a Google spokesperson told TechRadar.

"We believe experiments like these [Grosse and Upadhyay research] can help make login systems better."

Two years ago, Google tried to make the authentication process more secure by introducing optional two-factor protection. When enabled, Google sends users a text message with a secret pin whenever they try to log onto their account from a new computer.

It's pretty strong, but the system isn't perfect. Clever hackers have still found ways to trick people into giving up those secret pins.

That is why Grosse and Upadhyay dream of a future where that authentication is backed up by a physical device that only the account holder should own.

That physical device won't be the perfect solution, and the password will never be completely defeated. If the key is lost or stolen, users will still have to know their password to recover their profile.

Also, some sort of password should be needed to make major changes to one's account, according to the two Google employees.

But the days of trying to remember which letter you capitalized or special characters you need to get into your Gmail may soon come to an end.

Via Wired

TOPICS