Posted on 03/12/2013 1:24:54 PM PDT by Red Badger
The world's largest search engine is now experimenting with jewelry that would eliminate the need to remember dozens of passwords.
As part of research into doing away with typed passwords, Google has built rings that not only adorn a finger but also can be used to log in to a computer or online account.
The search and ad company first revealed its plans to put an end to passwords in an academic paper published online in January (see Google's Alternative to the Password). The effort focused on having people plug a small USB key that provides their credentials into a computer. The possibility of using special jewelry in a similar manner was mentioned in that paper.
At the RSA security conference in San Francisco last month, Mayank Upadhyay, a principal engineer at Google who specializes in security, became the first person at Google to speak in public about that research. He said that using personal hardware to log in would remove the dangers of people reusing passwords or writing them down. He also thought people would feel some familiarity with the approach. "Everyone is familiar with an ATM. What if you could use the same experience with a computer?"
Upadhyay said that Google's trial was focused on a slim USB key that performs a cryptographic transaction with an online service to prove the key's validity when it's plugged into a computer. The key also has a contactless chip inside so that it can be used to log in via mobile devices.
Tokens like the ones Google is testing do not contain a static password that could be copied. The cryptographic key unique to the device is stored inside and is never transmitted. When the key is plugged in, it proves its validity by correctly responding to a mathematical challenge posed by the online service it is being used to log into, in a way that doesn't produce any information that could be used to log in again.
Speaking after the session, Upadhyay said that the company also had a prototype ring that could take the place of a password token, although he didn't give details on how it works. "Some people are not comfortable with a [USB] token," he said.
Google is already talking with other companies to lay the groundwork for using the technology to access different services and websites. "It's extremely early stages, and we're trying to get more partners," said Upadhyay. Talks have already started with the FIDO Alliance, a consortium that in February launched technology intended to enable new methods of secure log-in that rely less heavily on typed passwords (see PayPal, Lenovo Launch New Campaign to Kill the Password).
"The other cool thing, which we're really pushing for, is that it's just built into the browser, so that you don't have to bother installing middleware or anything else," said Upadhyay. "We want to have the case where you could just go to your friend's house and it just works."
Google already offers a more secure log-in service called two-factor authentication, which involves a person entering a one-time code sent to their cell phone each time they log in. However, only an estimated 1 percent of Google's users have adopted it, and Upadhyay says most people consider it too much effort to use.
Upadhyay didn't say which company supplied the hardware at the core of the new trial, but the features he described are identical to a USB security key called the NEO made by Yubikey, a California company that launched in late 2012. Consumers can buy a NEO for $50, although companies buy them in bulk at lower prices.
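The challenge-response login the article describes, sketched as an added example that is not part of the original post or Google's code. The article does not name the algorithm, so this assumes HMAC-SHA256 over a secret enrolled with the service as a stand-in; the `Token` and `Service` classes and the sample key are hypothetical.

```python
import hashlib
import hmac
import secrets

class Token:
    """Stand-in for the hardware key: the secret never leaves this object."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret

    def respond(self, challenge: bytes) -> bytes:
        # Only a keyed digest of the challenge is released, never the secret.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Service:
    """Online service that enrolled the token's secret (symmetric assumption)."""

    def __init__(self):
        self._enrolled = {}      # user -> device secret
        self._outstanding = {}   # user -> challenge issued and not yet used

    def enroll(self, user: str, device_secret: bytes) -> None:
        self._enrolled[user] = device_secret

    def new_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)   # unpredictable, used once
        self._outstanding[user] = challenge
        return challenge

    def verify(self, user: str, response: bytes) -> bool:
        # pop() consumes the challenge, so a captured response cannot be replayed.
        challenge = self._outstanding.pop(user, None)
        secret = self._enrolled.get(user)
        if challenge is None or secret is None:
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    secret = secrets.token_bytes(32)          # constructed sample key
    token, service = Token(secret), Service()
    service.enroll("alice", secret)
    first = token.respond(service.new_challenge("alice"))
    results = {"fresh": service.verify("alice", first)}
    results["replay_same_challenge"] = service.verify("alice", first)
    service.new_challenge("alice")            # next login gets a new challenge
    results["replay_new_challenge"] = service.verify("alice", first)
    return results
```

The two replay cases fail for different reasons: the first because the challenge was already consumed, the second because the old response does not match the new challenge.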
Don’t use Google! It’s a spy agency! I sent an email to a friend talking about his getting an emergency generator for his home. 15 minutes later I sent another email, and there were ads for generators on the right side of the page.
Use this search engine, which doesn’t track your id, ip, and no cookies;
Better than rectum scans.
All your password belong to us!
Rectum?
There’s already little thumb print readers that do the same thing. It doesn’t really replace your passwords so much as enter them for you.
No mugger has ever stolen people’s rings, of course. </S>
It probably is actually. Probably it’s just a RFID, the actual USB part is a RFID reader that detects you have the appropriate RFID.
As for not losing it, well that’s on you.
“Everyone is familiar with an ATM. What if you could use the same experience with a computer? “
ATMs are a pain in the ass to use!
I won’t wear a ring and don’t want to carry any hardware, keys in my pocket are bad enough.
Wow, a magic decoder ring for real! The ones I used to send in cereal box tops for always turned out to be lame.
With a retinal scan, you press your eye against the scanner.
With a rectal scan, you press your ... well you get the idea.
The next time you see someone missing a finger it will be some idiot that fell for Google’s ring and the thief cut off their finger to get their ring!
What ding-a-ling thought this one up??
The people at Google have obviously never worked around machinery.
Still a stupid idea.
Thieves will be able to rip your RFID code off your ring; they already have problems with that with RFID credit cards. You have to carry them in metal wallets to protect them from readers.
Anything readable WILL be ripped off by today’s hackers and thieves.
Oh, my no. We have a particularly stubborn vendor who insisted on using it after I'd replaced the servers it used to attach to. Ever try to find a parallel card that will fit a blade server? They finally - and grudgingly - came up with a "newfangled" USB key that had to be reseated at every reboot. We're now on an open-source competitor. Sheesh.
It’s not really a big deal. The fact is the reader will be connected to your computer, if thieves have gotten access to your computer already they don’t need the ring. They can just take the computer and use any of the million ways to get around/ learn your passwords at their leisure.
Sounds great, until Frodo-like amputations start to show up as a common crime MO.