In the future, the safest password might just be no password at all, but a locket or watch that you wear.
That is, if Google’s goal of finding more secure and convenient alternatives to passwords goes as planned.
But will the company’s 500 million Google+ subscribers who have adopted its existing two-step verification password method adapt to no password at all?
Reportedly, the company is working with Yubico to develop cryptography that, via one tap, would log users into their Google accounts — no password necessary.
The project is currently exploring the use of USB-like hardware that would plug into a computer and, with a single tap, communicate a user’s passwords, granting that user access to his or her accounts.
But that is hardly a cure-all. As Ant Allan, research VP of ITL security, risk, privacy & compliance at Gartner, points out, “Authentication tokens have been established as a norm for strong authentication for years, [but] the limitation at the moment is that they are USB tokens.”
Allan adds, “Two things you’re looking for: better security and better user experience. . . . I don’t see token-based solutions being successful in the long term.”
Google is aware that requiring consumers to carry around tokens could be a critical hindrance to successful adoption rates, so it is looking beyond even that.
The crux of the problem is that having to remember a token becomes just as burdensome as having to remember many passwords.
As a result, Google aims to replace both passwords and tokens with smartphones or jewelry — both items that consumers already have with them.
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations [in] which your phone might be without cellular connectivity,” says a recent report released by Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay.