One Ring To Replace Them All (Passwords, That Is)
What’s the Latest Development?
In an upcoming IEEE Security & Privacy Magazine paper, Google security team members Eric Grosse and Mayank Upadhyay describe their research on hardware solutions to the problem of online security. One of their ideas is a small key that, when put into a USB port, logs the user in. Another one involves embedding a smartcard into a ring that can be tapped against a computer to send login data wirelessly. They have also created an authentication protocol that is Google- and browser-independent; if enough sites support it, “people mostly won’t need strong passwords, except in rare occasions — when they’re making significant changes to their account, for example.”
What’s the Big Idea?
With data collection becoming more widespread, and hacking techniques growing more sophisticated, it’s a busy time for security experts in a variety of disciplines. Grosse and Upadhyay write, “[W]e feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.” A physical login device could work “almost like a car key” for the Internet…but it would have to be kept safe, just like a car key. “[I]f someone steals your card or your smart-ring, you’d better report it stolen pretty quickly.”
Photo Credit: Shutterstock.com
