Google believes the age of the password is over.
"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," wrote Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay in a research paper that will be published later this month in IEEE Security & Privacy Magazine.
Of course, passwords have their problems, but are they obsolete?
They're hard to remember, especially as authentication servers require them to be more and more complicated to foil scammers, phishers, spammers and the general incompetence and forgetfulness of the average consumer.
And passwords can be lost or stolen, putting a victim's entire digital life into a criminal's virtual hands -- a life that becomes more real and essential every day.
Google, with its embrace of the cloud and online storage, has long been looking for better internet security options that don't hinder legitimate users or bog down seamless transactions of information or currency.
They've already instituted two-step login protocols, which require a user to receive and key in a code on their mobile phone when logging in from an unrecognized location.
That's currently voluntary, and adoption rates are low.
So what alternatives are there to passwords?
How about keys?
Everything in the physical world requires a physical key to access: houses, cars, lockers, bikes, businesses, mailboxes.
Why not email and bank accounts?
It's an odd shift, but Google is looking into electronic USB keys that, when plugged into a computer, automatically allow access to any accounts associated with that key.
So ideally, each individual would have their own key, and they'd plug it into whatever computer they were using at the time. When they leave, they take their key with them, just like house keys or car keys.
"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," wrote Grosse and Upadhyay.
"We'll have to have some form of screen unlock, maybe passwords but maybe something else, but the primary authenticator will be a token like this or some equivalent piece of hardware."
Obviously, that opens up other avenues for criminals. These days, if your wallet is stolen, your email is still safe. With a USB key attached to your key ring, everything is gone at once.
But until computers start testing DNA or reading retinas, it's better than trying to remember which combination of birthdates and childhood street names make up this particular password.
Personally, I just use my Social Security number. What could go wrong?
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
