Google according to Wired Magazine, is ‘declaring war’ on the password, but is the solution they propose a practical one? Unless something has gone terribly wrong, it’s very difficult to misplace your brain. The little chip that Google suggests we should use to ‘make logging in easier’ is an easy victim of the void down the side of your desk, or the back of the sofa. Is this a risk worth taking to save us the effort of carrying a string of characters around in our heads?
Google vice president of security Eric Grosse explains “We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he says, “but the primary authenticator will be a token like this or some equivalent piece of hardware.”
But wait… Google are not talking about logging into your laptop or desktop computer, they are talking about logging into websites.
The effects of online identity theft are so damaging, that rather than an on-screen verification like a ‘Captcha’ box, Google is suggesting a physical object you can connect to a small touch-point on your computer, just to prove it’s really you, is the answer.
Wired Magazine journalist Mat Honan was hacked last August. After cracking his passwords, the hackers deleted his g-mail account, took over his twitter account and remotely wiped his iPad:
‘Passwords are a cheap and easy way to authenticate web surfers, but they’re not secure enough for today’s internet’.
Google know that for this ‘device-based authentication’ to work, they will have to collaborate with other websites, so they are developing a protocol that requires no specific software to work, and which prevents websites using the technology to track users.
While this concept introduces a new area for human error to sneak in – our inescapable talent for losing tiny things – at least Google are driving hard to find a non-commercial, hacker-proof solution to the very real threat of online identity fraud.