Google and Passwords Are Never, Ever Getting Back Together
It’s official: Google is breaking up with passwords.
As our lives continue to move online, securing private of information is an increasingly difficult task. As I discussed last month, 2012 could be described as the year the password fell apart, with numerous high-traffic websites breached and millions of user credentials stolen. As a result, many companies have taken a stand against simple password security, arguing for a new strategy that goes beyond an 8-10 character phrase.
Google in particular believes they are on the way to an answer, and a paper on the topic is set to publish late this month. In it, Google engineers describe several ways people may end up logging into websites in the future, and many of their ideas build off two-factor authentication.
At its core, two-factor authentication requires a user to provide two of out of the three authentication factors: something you know, something you have, and something you are.
1. Something you know: This is something you remember, like a PIN, password, or pattern you swipe on your mobile phone.
2. Something you have: This is a physical object that you can keep with you, like an ATM card, key fob, or USB device.
3. Something you are: This is something that is a part of you, like your fingerprint, or the pattern of your eye’s iris.
Google already practices two-factor authentication by linking users’ mobile phones to their accounts, which means that anyone trying to gain unwarranted access to your Gmail account would also need your mobile phone to get in. But even with these two barriers, hackers are still fairly successful at breaking the system to gain access.
In response, Google is experimenting with ways to eliminate passwords entirely, moving towards the “something you have” part of the authentication equation. One proposal involves device-assisted security, wherein users would carry small USB devices or even wear encrypted rings that would require a simple tap on the computer to access an entire range of accounts.
One Ring to Protect Them All
But while device-assisted security certainly has the potential to provide users with privacy peace of mind, time will tell if a system like this gets adopted on a large scale. As with any new system, user adoption is based on trust, ease of use, and accessibility, and Google has a long road ahead if they want to make “smart rings” the passwords of the future.
Do you have a hard time remembering your passwords? If so, would you switch over to a device-based system?
Let us know in the comments below or on Twitter with @McAfeeConsumer, and be sure to check out more information on McAfee SafeKey if you answered yes to either of those questions. SafeKey is already included in your McAfee All Access subscription, and it allows users to manage all usernames and passwords across devices, so you can securely log in on any website with just one click.