Google taps Yubico for password USB rings of the future

Jan 18, 2013
31

This week it's been revealed that Google is getting pumped up about working with the company known as Yubico with intentions of creating a sort of "Password Key" that exists in a USB plug around your finger. The report that's about to be published in IEEE Security & Privacy Magazine is bringing word from Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay on not just the key, but a variety of ways they see online account security working in the future. Are you ready to trust your online life to the ring around your finger?

The paper outlines the way in which Google's privacy warriors intend to change the online world, starting with passwords and security tokens. “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe," note Grosse and Upadhyay, launching into talk about what Yubico has to offer. The group's cryptographic card is currently working to connect with your account via USB interface, attaching itself to your accounts with a single click.

Think of it as a car key for the automobile that is your online life.

"Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites. ...

We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity. " - Grosse and Upadhyay

For those of you thinking about how Google is getting involved in this fabulous security for the future, know this: they've developed a protocol for device-based authentication that "they say", as Wired puts it, "is independent of Google [and] requires no special software to work." The web browser you're working with will of course need to be able to support the device authentication you're using, but that's about it.

Think about using a USB stick to start up your online life whenever you want to log in, wherever you go. Can you imagine anything going wrong with this type of situation? Let us know your concerns or excitement - or both!


Must Read Bits & Bytes