Thursday, February 7, 2013

Google Exploring Ways to Deal with Password Security Issues

Google USB Key.jpg
 
The reality is, passwords are not secure.  Not anymore.  If you don't believe me, read this article from Wired writer Mat Honan.  He is a tremendously gifted tech writer and a smart guy (not that I know him personally, but I do love and read what he writes).  In a nutshell, Mat had several accounts hacked this summer using some fairly easy tricks and social engineering.  He ended up losing tons, if not all, of his digital stuff.
 
We are all forced to keep an ever-growing list of passwords.  Many of us keep them on a piece of paper which we keep hidden away somewhere.  Of course, what if that paper is lost or, even worse, stolen?  You're pretty much toast either way.  Or… you could keep them in a file in The Cloud.  But what if The Cloud gets hacked?  Last week Twitter announced that 250,000 users had their data compromised.  It seems every week there is some type of story hitting the Net about a company getting hacked and hemorrhaging copious amounts of user data.
 
Google is an amazing brain trust.  In addition to ruling search, they also spend a great deal of time researching new ideas and technology.  Google Maps is just one small example of that.
 
Not is response to the dire situation that Mat Honan experienced this past summer, but in response to a noted need for better security, Google is looking at ways to make the password in reality the "pastword".  
 
How you ask?  Here's the answer, quoted directly from an article written by Google’s Vice President of Security Eric Grosse and Engineer Mayank Upadhyay:
 
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”
 
It's a pretty interesting idea.  Imagine a ring (I like this idea *much* better than a phone) that you never take off that is your golden ticket identifier.  This idea, of a single identifying device, is a great one.  The phone?  I've lost a phone in my day… no way am I trusting my digital life to one.  A ring?  I'd have that sucker welded to my finger.
 
This concept, and others, are going to be discussed in the next issue of IEEE Security & Privacy Magazine.  The article that Grosse and Upadhyay wrote will be appearing there.  Many concepts are being studied and really a lot of this stuff isn't "pie in the sky" or years away in development.  I'd like nothing better than to not have to remember all those passwords or be adding to that list I have hidden away on a legal pad somewhere.  What about you?

Post a Comment