Skip to main content

Forget that password, Google wants to replace it with USB keys and ‘smart rings’

Image used with permission by copyright holder

A quick glance through last year’s headlines is enough to tell you that typed-in passwords are not the stalwart security plan that they were in the early days of computing. Today, it’s too easy and commonplace for a popular site to be hacked and your personal information to become vulnerable. And gauging by the 2012 stats from SplashData, far too many people leave themselves open to attacks by choosing weak passwords

But what other options do we have? According to Wired, Google is looking for new choices beyond the current standard of passwords and cookies, and is researching using a physical key to lock and unlock your online things. One of the experiments by the search company includes a YubiKey cryptographic card that you simply slide into a USB port to log into Google. 

Recommended Videos

Google’s Vice President of Security Eric Grosse and Engineer Mayank Upadhyay wrote an article that’s due to appear in an upcoming issue of IEEE Security & Privacy Magazine about Google’s efforts to revitalize our password systems. They said the ideal system of protection would involve authenticating a single device, such as a YubiKey or a smartphone, that would be configured to grant you access to any of your online services. “We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” they wrote.

It’s one of those “we’re living in the future” ideas, but it isn’t without some serious hurdles. There would have to be an airtight backup plan in case the key got lost or stolen. And most importantly, other websites and online services would have to agree to support the system. Google’s browser has needed some tweaking to work with the key authentication, so several big players would need to jump on the bandwagon for the idea to really get off the ground. 

In the meantime, Google is working on some improvements to its existing two-step authentication process. In the current system, when you – or someone pretending to be you – signs in from an unfamiliar computer, a security code gets sent to your mobile phone that you need to enter in order to complete the login. This two-step approach is an improvement from just using a user name and password, but it still doesn’t protect against phishing. So Google has an addition in development from the key-based idea that would be independent of its own services. Removing the Google affiliation for the key system would get rid of the phishing concern as well as the need for support from other sites. It’s definitely a step in a safer direction. 

(Image via jakeliefer)

Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…
How to change your Outlook password
A person using Outlook on a Macbook.

If it's been a while since you last changed your Outlook password, you could be opening the door for hackers to access your account. Updating your password at frequent intervals is a great way to improve your online security, and Outlook makes it easy to take care of this important (yet, boring) administrative task.

Read more
How to remove an account from Google Smart Lock
A person using WhatsApp Messenger on his Android smartphone.

Google Smart Lock is a fancy bit of engineering that works across a variety of Google and Android platforms. When enabled and properly customized, it lets your devices automatically unlock in a variety of scenarios, such as keeping your phone unlocked when it detects you're at home. Better yet, it allows you to store Chrome browser passwords for easy access, along with a few other cool tricks.

Read more
How to find passwords on a Mac, MacBook, and Mac Mini
Passwords locked on Mac.

If you opt to use iCloud Keychain over one of the popular password managers, then you already know its major benefit: Your passwords sync across your Apple devices. For example, you can save a password on your iPhone and then access it on your Mac.

For the past few years, Apple has made it even easier to see saved passwords using System Preferences. For those who’ve decided not use the latest MacOS update, though, you can still find your passwords with Safari. Let’s take a look at how to do both.
Getting started finding passwords on Mac
Reading the above, you probably realized one thing: To see passwords on your Mac, you'll need to know your Mac's keychain password. In other words, you need a password to find your passwords! So, be sure to know or locate your Mac's keychain password before getting started.

Read more