Skip to main content

Forget that password, Google wants to replace it with USB keys and ‘smart rings’

Image used with permission by copyright holder

A quick glance through last year’s headlines is enough to tell you that typed-in passwords are not the stalwart security plan that they were in the early days of computing. Today, it’s too easy and commonplace for a popular site to be hacked and your personal information to become vulnerable. And gauging by the 2012 stats from SplashData, far too many people leave themselves open to attacks by choosing weak passwords

But what other options do we have? According to Wired, Google is looking for new choices beyond the current standard of passwords and cookies, and is researching using a physical key to lock and unlock your online things. One of the experiments by the search company includes a YubiKey cryptographic card that you simply slide into a USB port to log into Google. 

Google’s Vice President of Security Eric Grosse and Engineer Mayank Upadhyay wrote an article that’s due to appear in an upcoming issue of IEEE Security & Privacy Magazine about Google’s efforts to revitalize our password systems. They said the ideal system of protection would involve authenticating a single device, such as a YubiKey or a smartphone, that would be configured to grant you access to any of your online services. “We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” they wrote.

It’s one of those “we’re living in the future” ideas, but it isn’t without some serious hurdles. There would have to be an airtight backup plan in case the key got lost or stolen. And most importantly, other websites and online services would have to agree to support the system. Google’s browser has needed some tweaking to work with the key authentication, so several big players would need to jump on the bandwagon for the idea to really get off the ground. 

In the meantime, Google is working on some improvements to its existing two-step authentication process. In the current system, when you – or someone pretending to be you – signs in from an unfamiliar computer, a security code gets sent to your mobile phone that you need to enter in order to complete the login. This two-step approach is an improvement from just using a user name and password, but it still doesn’t protect against phishing. So Google has an addition in development from the key-based idea that would be independent of its own services. Removing the Google affiliation for the key system would get rid of the phishing concern as well as the need for support from other sites. It’s definitely a step in a safer direction. 

(Image via jakeliefer)

Anna Washenko
Former Digital Trends Contributor
Anna is a professional writer living in Chicago. She covers everything from social media to digital entertainment, from tech…
Microsoft Copilot vs. Google Duet: battle of the next-gen AI smart assistants
Microsoft's AI Copilot being used in various Microsoft Office apps.

Microsoft Copilot and Google Duet are the two most prominent artificial intelligence assistants put out by the various tech giants since OpenAI debuted its ChatGPT chatbot in 2022. They're set to bring that powerful natural language assistance into the enterprise in ways that can enhance productivity, improve the digital fluency of workers, and leverage existing data in new and exciting ways.

But which one is best? Both offer comparable features at a comparable cost, but they aren't interchangeable and even getting access to either tool requires a bit of luck. Here's how these two awesome AI tools compare.

Read more
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
Chrome has a security problem — here’s how Google is fixing it
Google Chrome icon in mac dock.

Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

Read more