This news comes from a research paper set to be published this month in the engineering journal IEEE Security & Privacy Magazine. In the report, Google’s Vice President of Security Eric Grosse and engineer Mayank Upadhyay discuss the various ways users could wind up logging on to websites in the future, as reported by Wired.
Last year demonstrated just how fragmented Internet security can be. In June, hordes of LinkedIn users had their passwords leaked by hackers. Mat Honan of Wired had his Gmail account deleted and his Twitter handle tarnished when hackers obtained his log in information and posted racist remarks. These hackers also wiped his iPhone, iPad and laptop, completely erasing his digital life.
According to the yet-to-be-published report, security standards need to evolve as the Internet grows, and traditional passwords just might not cut it anymore.
“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” the two Google security experts wrote in the paper.
This has prompted Google to seek out new ways to keep information secure on the Web. The company has dreamt up an authentication method that would allow users to log in to websites by using a tiny, portable USB key. Researchers have reportedly been experimenting with cryptographic cards from YubiKey, and have found that it wouldn’t take much to configure this type of technology to work with Google’s Chrome browser. These so-called “token” keys would be comfortable and subtle — the report mentions that they can be put into a ring on your finger or integrated into your smartphone.
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” the Google executives wrote.
While it may be no struggle to set this feature to work with Chrome, it will only boost Internet security measures if it becomes a widespread practice across the Web.
“Although we recognize that our initiative will likewise remain speculative until we’ve proven large-scale acceptance, we’re eager to test it with other websites,” the report also read.
A protocol independent of Google has reportedly been implemented for this authentication method, but it is unclear as to when we might actually see or use this technology. It still may be a long time before we’ll be using the jewelry on our fingers to log on to our favorite websites.