Google is now in the process of taking steps toward removing password use and instead is pushing for user identification through hardware passkeys.
With more and more services expanding the use of password identification, even requiring the use of capital letters, numbers and symbols to increase security strength, it may seem that passwords are here to stay. Google on the other hand is taking another direction. Google Vice President of Security Eric Grosse and Engineer Mayanl Upadhyay are now gearing the search giant to a new password-defunct world. Their recommendations are indicated in a paper to be published in IEEE’s Security and Privacy magazine. Amongst the alternatives to passwords in the proposal include the use of cryptographic cards for USB dongles and even a ring as a passkey.
The overall thought of the paper is encapsulated in this thesis statement, “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.”
In a pilot program, the search giant is now modifying its browser to utilize the proposed technology. A user would plug in a USB dongle to be allowed to log in. The ring on the other hand would allow the user to access either sites or even the machine itself.
The authors add, “We’d like your smartphone or smart card embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”
While this is now just an option and finding the Internet devoid of passwords would be next to impossible, using hardware as a means of verification is and would be the step in the right direction and not merely a leap of faith.