Google's Eric Grosse and Mayank Upadhyay have published a research paper that explores hardware-based alternatives to the traditional password. "Passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," say Grosse and Upadhyay. They envision a variety of solutions, ranging from cryptographic USB devices to smart card-embedded rings that would seamlessly log a user into their various online accounts without the need to enter a username or password.
"We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity," say Grosse and Upadhyay. They note that such a scheme would be extremely useful in defeating phishing attacks by replacing easily transmitted or stolen digital credentials with a single physical object.
However, Grosse and Upadhyay see several obstacles to such authentication solutions, namely a nearly total lack of support for them across most online services and Web sites. Another problem is that the sort of authentication tokens they envision would have to be closely guarded and reported missing if lost, which is a more cumbersome process than resetting a compromised password.
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found