RSS

The Bulletin

Google puts a ring on it to infuriate hackers, replace passwords

Posting in Technology

Declaring war on the humble password, Google's new invention turns a ring on your finger in to a security device.

Passwords. The delight of the script kiddie and our -- admittedly often lazy -- way to secure accounts ranging from Facebook to corporate systems. When some of the most common passwords we use worldwide include "qwerty," "ninja" and "password," it's no wonder tech giant Google believes that with the rising threat of cybersecurity, passwords simply don't cut it anymore.

So, what can we do about it? How about create password-replacing jewellery that would open your account through a system of authentication far more difficult to breach?

Set to be published this month in IEEE Security & Privacy Magazine, Google's research team have outlined a new type of ring-authentication device which could change the way we log in to websites in the future.

Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay say within the paper:

"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe. It's time to give up on elaborate password rules and look for something better."

Google already has two-step verification in place, but according to the team, not nearly enough people use the service. So instead, a ring springs to mind -- something that's with you and easy to carry.

In the future this could mean a ring could be used to log in to all of your accounts. The ring would be embedded with a USB-connectable token -- potentially including a YubiKey cryptographic card -- which you would then plug in to your computer, register yourself, and once identified be able to access any account you choose.

However, this kind of key isn't the only idea on Google's table. With the explosion in mobile technology, connecting from your smartphone is also another option. The researchers commented:

"Some more appealing form factors might involve integration with smart phones or jewellery that users are more likely to carry anyway. We'd like your smart phone or smartcard-embedded finger ring to authorise a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity."

There would need to be some kind of backup in case the key was lost or stolen, but would combining all of your accounts make things easier?

(via Wired)

Related:

— By on January 20, 2013, 1:19 AM PST

Charlie Osborne

Contributing Editor

Charlie Osborne is a freelance journalist and photographer based in London. In addition to SmartPlanet, she also writes for business technology website ZDNet and consumer technology site CNET. She holds a degree in medical anthropology from the University of Kent. Follow her on Twitter. Disclosure