The days of trying to remember passwords and worrying about hacked accounts may be limited. Passwords have been somewhat effective in the past and are an easy way to authenticate web users, but they fall tragically short in security in today’s internet; and they always will.
According to a research paper from Google regarding the future of authentication on the web, the password problem could be solved with the aid of a USB -based Yubico log-on device. Google envisions a future where you only need to authenticate one device (with your smartphone, Yubico key, or perhaps wirelessly) and then use that similar to a car key to open up your webmail and other online accounts.
“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” state Google’s Eric Grosse and Mayank Upadhyay.
This small cryptographic device will automatically log in a user to Google using a new protocol (patent pending) for device-based authentication that will be independent of Google and will also prevent web sites from tracking users.
Other than requiring a browser that supports the technology, there is no additional software required and it could be as easy to use as tapping or swiping your card or key device the device you want to authenticate. In order for this new security standard to take hold, Google will need many other websites to get on board.
Two years ago, Google launched a two-step authentication option as part of their attempt to increase security for its users. The story of Mat Honan’s encounter with hackers, helped to inspire a quarter-million people to adopt the two step process. Google has not given any idea as to when we may see the new technology released.