Google wants to replace passwords with 'smart rings' and USB keys

Passwords are a necessary evil when it comes to surfing the Web. Google's security team thinks it's time the password is replaced with something better, like an authenticator that isn't a string of letters, numbers or symbols.

In the upcoming issue of IEEE Security & Privacy Magazine, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay detail what is basically a physical key — a smartchip-embedded one — that can be used to automatically log into online services when plugged into a computer.

One option uses YubiKey, a tiny USB drive with a special chip, and a modified version of Google's Chrome Web browser. When a user plugs in the YubiKey, they're automatically signed into Google and never asked for a password.

Another option uses a "smartcard-embedded finger ring to authorize a new computer via a tap on the computer."

Smartphones that connect wirelessly (perhaps through Near Field Communication?) to computers are also being considered as secure password alternatives.

As safe as using a USB drive, phone or "smart ring" as a password replacement is, it also comes with the same risks of a car key or credit card: they can get lost. Google's security guys suggest there will a system in place where people report their smart rings as lost or stolen.

If keys don't make you feel safer, then it's a good thing there are other researchers working on using eye movements and 3D facial and voice recognition software to create an "unbreakable" password.

Via Wired

For the latest tech stories, follow DVICE on Twitter
at @dvice or find us on Facebook