When is a password not a password? Google is trying to find out.
Google’s gurus are researching futuristic technology, that could mean you can log into your Internet simply by tapping your PC with a ring on your finger, as reported in Wired.
“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” says Eric Grosse, Google Vice President of Security and Engineer Mayank Upadhyay.
“We’d like your smartphone or smartcard-embedded finger ring to authorise a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”
The Google research was revealed in IEEE Security & Privacy Magazine, as Grosse andUpadhyay detailed one such project they are working on – a tiny Yubico key, which basically with a single swipe logs you into your email and other Internet accounts thanks to a cryptographic card, which can be inserted to USB port.
Research firm Deloitte predicts the end of strong password-only security in 2013 and says more than 90% of user-generated passwords will be vulnerable to hacking ‘in a matter of seconds,’ it said in a report this week.
“As smartphone adoption increases, and the value of data continues to grow, the incentive to hack has never been greater,” said Deloitte’s Australia lead Telecommunications Partner, Stuart Johnston.
For a long time, eight character passwords have been thought to be highly secure -with the 94 characters available on a standard keyboard, there are 6.1 quadrillion possible combinations. With this number, it would take a powerful computer about a year to try every variation.
However, human factors combine to significantly reduce the number of combinations people actually use. A recent study of six million passwords found that the 10,000 most common would have accessed 98.1% of accounts.
And many Internet users have the same passwords for multiple accounts – Gmail, Facebook and other web logins.
“We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” writes Grosse, “but the primary authenticator will be a token like this or some equivalent piece of hardware.”
So, we may no longer will need to remember our multiple passwords, just not to lose that darn key.