Google Ring of Power Could Render Passwords Obsolete
Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay published a paper proposing a ring-finger authentication device to replace classic password-based authentication to strengthen websites’ authentication.
Saying that typing passwords can be time consuming and far more vulnerable, an authentication token worn as jewelry could prove far more secure, the Google staffers said. Two-step authentication is already a secure and widely adopted Google feature, but the new technology promises to authenticate new devices with a single tap.
“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” wrote Grosse and Engineer Mayank Upadhyay. “We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”
Although the technology could lower the success rate of phishing attempts, it does require websites to allow the new undisclosed protocol. Arguing that the adoption rate for the new technology is controversial, both researchers believe standard password authentication will be replaced within the near future.
“Others have tried similar approaches but achieved little success in the consumer world,” said Grosse and Upadhyay. “Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.”
As most systems use passwords for authentication, Google’s ring-finger token could set new standards in terms of security and data protection.