A Momentary Flow

Updating Worldviews one World at a time

MOUNTAIN VIEW, California — Want an easier way to log into your Gmail account? How about a quick tap on your computer with the ring on your finger?
This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time.
2012 may have been the year that the password broke. It seemed like everyone on the internet received spam e-mail or desperate pleas for cash — the so-called “Mugged in London” scam — from the e-mail accounts of people who had been hacked. And Wired’s own Mat Honan showed everyone just how damaging a hack can be.
The guys who hacked Honan last August deleted his Gmail account. They took over his Twitter handle and posted racist messages. And they remote-wiped his iPhone, iPad, and laptop computer, deleting a year’s worth of e-mails and photographs. In short, they erased his digital life.
Passwords are a cheap and easy way to authenticate web surfers, but they’re not secure enough for today’s internet, and they never will be. 
Google agrees. “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay write in their paper.
Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.
They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts.
In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.

MOUNTAIN VIEW, California — Want an easier way to log into your Gmail account? How about a quick tap on your computer with the ring on your finger?

This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time.

2012 may have been the year that the password broke. It seemed like everyone on the internet received spam e-mail or desperate pleas for cash — the so-called “Mugged in London” scam — from the e-mail accounts of people who had been hacked. And Wired’s own Mat Honan showed everyone just how damaging a hack can be.

The guys who hacked Honan last August deleted his Gmail account. They took over his Twitter handle and posted racist messages. And they remote-wiped his iPhone, iPad, and laptop computer, deleting a year’s worth of e-mails and photographs. In short, they erased his digital life.

Passwords are a cheap and easy way to authenticate web surfers, but they’re not secure enough for today’s internet, and they never will be.

Google agrees. “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay write in their paper.

Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.

They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts.

In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.

Notes

  1. queenoftheroadkills reblogged this from kalesatin
  2. squrcup reblogged this from kalesatin
  3. tokoeka reblogged this from wildcat2030
  4. deliciousexmachina reblogged this from wildcat2030
  5. yycyegyul reblogged this from wildcat2030
  6. next-wireless reblogged this from wildcat2030
  7. simloovoo reblogged this from wildcat2030
  8. interfaceaddict reblogged this from wildcat2030
  9. sconesandteaforall reblogged this from wildcat2030
  10. republicofideas reblogged this from wildcat2030
  11. wookie21 reblogged this from wildcat2030 and added:
    Omg
  12. bennyhoneybee reblogged this from wildcat2030
  13. scarrollyouaway reblogged this from wildcat2030
  14. derekdla reblogged this from emilyokn
  15. emilyokn reblogged this from ruzama
  16. philip21 reblogged this from wildcat2030
  17. yeah-its-science reblogged this from wildcat2030
  18. themacbro reblogged this from wildcat2030
  19. everythinghasafandom reblogged this from wildcat2030
  20. weed-sexx-psychology reblogged this from wildcat2030 and added:
    Sounds interesting enough
  21. mc-delta-t reblogged this from wildcat2030
  22. palmers-medic reblogged this from wildcat2030
  23. kimmie-science-of-makeup reblogged this from wildcat2030
  24. mrcapito reblogged this from wildcat2030
  25. eonsofions reblogged this from wildcat2030