Passwords are a necessary evil when it comes to surfing the Web. Google's security team thinks it's time the password is replaced with something better, like an authenticator that isn't a string of letters, numbers or symbols.

In the upcoming issue of IEEE Security & Privacy Magazine, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay detail what is basically a physical key — a smartchip-embedded one — that can be used to automatically log into online services when plugged into a computer.

One option uses YubiKey, a tiny USB drive with a special chip, and a modified version of Google's Chrome Web browser. When a user plugs in the YubiKey, they're automatically signed into Google and never asked for a password.

Another option uses a "smartcard-embedded finger ring to authorize a new computer via a tap on the computer."

Smartphones that connect wirelessly (perhaps through Near Field Communication?) to computers are also being considered as secure password alternatives.

As safe as using a USB drive, phone or "smart ring" as a password replacement is, it also comes with the same risks of a car key or credit card: they can get lost. Google's security guys suggest there will a system in place where people report their smart rings as lost or stolen.

If keys don't make you feel safer, then it's a good thing there are other researchers working on using eye movements and 3D facial and voice recognition software to create an "unbreakable" password.

Via Wired