Google trial Yubikey as password all-in-one solution

Smartphone or ring will unlock online accounts

With Google already strongly supporting NFC through Android Beam and Google Wallet the company has started looking into new ways to deploy wireless tech

The security team at Google are trialling new ways of logging into email and user accounts, with the aim of scrapping passwords entirely, in favour of a new Yubikey or even a ring that contains wireless technology.

In a new research paperto be published in IEEE Security and Privacy Magazine later this month, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay have outlined future methods for logging into websites, voiding the need for passwords.

Google are currently experimenting with the Yubikey, a tiny Yubico cryptographic card, which will automatically log the web user into Google when slotted into a USB card reader, and although Google have had to adapt their existing web browser, there will no software downloads required. The user simply needs to log into the website, plug in the USB stick and then register it with a single click of the mouse.

The Yubikey will then be used in a similar way to a car or house key, which provides the main problem with this technology. Although it will drastically reduce the chances of your accounts being hacked; if you lose it, you have to report it missing/stolen immediately, and then have it replaced.

In the article, Grosse and Upadhyay said: “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,”

Eventually, the Google security team hope that they can then scrap the USB stick for a wireless equivalent, possibly linked into your mobile phone or jewellery: “We'd like your smartphone or smartcard-embedded finger ring to authorise a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”

They add: "We'll have to have some form of screen unlock, maybe passwords but maybe something else, but the primary authenticator will be a token like this or some equivalent piece of hardware."

Grosse and Upadhyay believe this new technology will result in completely password-free log-ins, except when making significant changes to user accounts. However, it is not yet clear whether other websites will be willing to collaborate with Google on the idea.

Tags

Related articles