Google are looking at a new way for users to access their GMail accounts Instead of using the old-fashioned user name and password method, they have been testing out several new ways including finger ring authentication. Passwords are easily broken these days by hackers looking to disrupt your life and possibly do some serious damage, not just to your hardware but to your finances as well.
Mat Honan of Wired.com was hacked just last year and the result was the loss of his email account, his twitter account being used for racist means and his laptop, iPhone and iPad being wiped remotely. While it’s a nuisance having to reset everything and open up new accounts, it’s the loss of information, photographs and documents that is worse, especially as, once gone, they are irretrievable. As it appears to be widely agreed that passwords are no longer secure enough, what exactly are Google working on ?
Right now they are looking at and testing something called the Yubico cryptographic card. It slides into a USB reader and is easily set up with a simple click of the finger, enabling access to Google and related accounts. They eventually want users to be able to use just one device, such as the Yubico or a smartphone to access all mail and other online accounts.
They say :
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”
While it may not be possible to do away with passwords altogether, we will be able to start forgetting about difficult and complex ones according to Eric Grosse, VP of Google Security.
“We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he says, “but the primary authenticator will be a token like this or some equivalent piece of hardware.”
In the meantime, Google have a 2-step authentication process whereby you can link your account to your mobile phone. If account access is attempted from a different computer a secret code is sent to the phone that is linked. While it isn’t a perfect solution it is better than the old, simple password system and far more secure.