37 
Passwords are long and complicated and hard to remember. And that’s only if they’re good passwords. No matter how you slice it, passwords are annoying and on top of that, they’re not even all that secure. Google knows that all too well, and it’s pushing for the next big thing. A ring maybe. Like, for your finger.
Google’s been getting behind two-step verification for a while, and although that’s more secure than a standard password, it’s also more annoying. Hardly a perfect solution. In a paper to be published later this month in IEEE Security & Privacy Magazine, Google’s President of Security Eric Grosse and Engineer Mayank Upadhyay are pitching alternatives like cryptographic card for your USB, or some kind of (presumably NFC) ring.
Google’s got some software in the making that’d allow this kind of stuff to log you into a browser without involving any sort of software in the middle, just you and your browser. But even in the best possible future, it won’t kill passwords completely. So long as your little key can be separated from you, you’ll have to have a PIN or something, and the more conveniently short the PIN, the more important it is you don’t loose that key. Still, it beats straight passwords and two-step verification annoyances. And the sooner the password can finally be laid to rest, the better. [Wired]
Image by Florida3d/Shutterstock
Bad Grammar Make Good Password
Google Is Killing Google Reader
Foxconn Hacked, Making Its Passwords Publicly Available
Title is very much misleading as usual…
Password is not being killed, how it is entered into a system is changed, hardly news at all… ring, retina scan, facial recognition, your fart scent etc all the same in different ways.
We will end up with a chip under our skins, won’t we?
How else will Google have complete and total control over all the meatbags when it reveals its sentience and asserts its place in total global domination?
xkcd.com/792/
Surprisingly relevant.
If I understood this correctly, all we are talking about here is an alternative to typing a password (as opposed to an alternative to passwords).
What I would have liked to read is that the W3C are developing some kind of client-side API for HTML5 which allows hardware verification, like a pass card or USB dongle or biometric scanner or anything really. When the client HTML script has authenticated the user successfully, it sends a one-time token to the server to confirm that the user has successfully authenticated.
I just use Lastpass. Works really well and I never have to remember a passwords even though they are a random combination of upper, lower, numbers and symbols. It works in all browsers and even on my mobile devices.