“We feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Google vice-president of security Eric Grosse and engineer Mayank Upadhyay write in a research paper to be published by the end of January 2013, according to the Wired magazine.
The engineers believe that the current strategies to prevent the hijacking of online accounts, including the two-step identity verification system, are insufficient, partly due to the constant threat of attacks that exploit new bugs.
At the core of Googles proposal is the use of an encrypted USB-like device to log into password-protected websites and online accounts. According to Grosse and Upadhyay, cited by Wired, Google is currently experimenting with YubiKey, a USB stick that implements “one time pad” cryptography to log in to Google services, as a replacement for passwords.
In the research paper, the two security experts envision a future in which the main way of guaranteeing people are who they say they are online is the possession of a physical token (authentication device), incorporated in smartphones or even jewellery. The device would be able to authorize a new computer for use with a single tap, even in situations in which the phone might be without cellular connectivity.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now