Passwords are a necessary evil when it comes to surfing the Web. Google's security team thinks it's time the password is replaced with something better, like an authenticator that isn't a string of letters, numbers or symbols.
In the upcoming issue of IEEE Security & Privacy Magazine, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay detail what is basically a physical key — a smartchip-embedded one — that can be used to automatically log into online services when plugged into a computer.
One option uses YubiKey, a tiny USB drive with a special chip, and a modified version of Google's Chrome Web browser. When a user plugs in the YubiKey, they're automatically signed into Google and never asked for a password.
Another option uses a "smartcard-embedded finger ring to authorize a new computer via a tap on the computer."
Smartphones that connect wirelessly (perhaps through Near Field Communication?) to computers are also being considered as secure password alternatives.
As safe as using a USB drive, phone or "smart ring" as a password replacement is, it also comes with the same risks of a car key or credit card: they can get lost. Google's security guys suggest there will a system in place where people report their smart rings as lost or stolen.