Google staffers envision the end of standard passwords
dpaSAN FRANCISCO--There are many proposed solutions to overcome the inherent vulnerability of passwords — anything easy enough to remember is liable to also be easy to hack by a determined intruder.
January 31, 2013, 12:06 am TWN
“We contend that security and usability problems are intractable,” write Google's Eric Grosse and Mayank Upadhyay, in an article to be published later this month in the journal IEEE Security & Privacy.
“It's time to give up on elaborate password rules and look for something better.”
Many technologists are advocating biometric devices that would recognize your fingerprint, iris, voice or facial features as a better way of making sure digital users are who they say they are.
Business users also commonly utilize digital tokens that provide one-time passwords for every log-in session or two-stage verification systems that combine a regular password with a code sent over a second device, usually a smartphone.
Tokens are easy to lose however, and Google believes that home users will not bother using them on a regular basis. But if the token took the form of something that the user always carried and was easily accessible then that behavior might change.
“Some more appealing form factors might involve integration with smartphones or jewelry that users are likely to carry anyway,” the authors write.