Friday, 15 March 2013

Google planning to kill passwords


Web giant Google is researching to build a more secure hardware device which in future can be used to login to a computer or an online account, thus eliminating the need for a password.

Designed in the shape of rings which can be worn on fingers, these hardware devices will aid in logging in to a computer or online account.

The search engine first revealed its plans to put an end to passwords in an academic paper published online in January.

The effort focused on having people plug a small USB key that provides their credentials into a computer.

The possibility of using special jewellery in a similar manner was mentioned in that paper.

According to Google's principal engineer, who specialises in security, Mayank Upadhyay at the RSA security conference in San Francisco last week, "Using personal hardware to log in would remove the dangers of people reusing passwords or writing them down."

"Everyone is familiar with an ATM. What if you could use the same experience with a computer?" Upadhyay said, adding that Google's trial was focused on a slim USB key that performs a cryptographic transaction with an online service to prove the key's validity when it's plugged into a computer.

The key also has a contactless chip inside so that it can be used to log in via mobile devices. Tokens like the ones Google is testing do not contain a static password that could be copied.

The cryptographic key unique to the device is stored inside and is never transmitted.

When the key is plugged in, it proves its validity by correctly responding to a mathematical challenge posed by the online service it is being used to log into, in a way that doesn't produce any information that could be used to log in again.

Google is already talking with other companies to lay the groundwork for using the technology to access different services and websites.

"It's extremely early stages, and we're trying to get more partners," said Upadhyay.

0 comments:

Post a Comment