Sign In

Communications of the ACM

ACM TechNews

Google Declares War on the Password


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
USB-based log-on device

Google is running a pilot project to see if the USB-based Yubico log-on device might help it solve the password problem.

Credit: Google

Google's Eric Grosse and Mayank Upadhyay have published a research paper that explores hardware-based alternatives to the traditional password. "Passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," say Grosse and Upadhyay. They envision a variety of solutions, ranging from cryptographic USB devices to smart card-embedded rings that would seamlessly log a user into their various online accounts without the need to enter a username or password.

"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," say Grosse and Upadhyay. They note that such a scheme would be extremely useful in defeating phishing attacks by replacing easily transmitted or stolen digital credentials with a single physical object.

However, Grosse and Upadhyay see several obstacles to such authentication solutions, namely a nearly total lack of support for them across most online services and Web sites. Another problem is that the sort of authentication tokens they envision would have to be closely guarded and reported missing if lost, which is a more cumbersome process than resetting a compromised password.

From Wired 
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found