Comments on: Google taps Yubico for password USB rings of the future

By: Barrelof Monkeys

Barrelof Monkeys — Mon, 21 Jan 2013 08:47:00 +0000

I see a half a dozen ways to hack it already without more extensive security measures implemented. Although something like this with a randomly generated number based on an insane algorithm coupled with a bio-metric element would probably work ok.

By: rivercaver

rivercaver — Mon, 21 Jan 2013 02:22:00 +0000

I think there is a bio-metric element to this ring that requires a live finger.

By: Steven

Steven — Sun, 20 Jan 2013 22:07:00 +0000

Because they’re expensive and glitchy.

By: P.T.

P.T. — Sun, 20 Jan 2013 16:33:00 +0000

What is the difference between using a USB key versus a program that stores your passwords on your PC? If your PC can be hacked and the password stolen, whats to stop a “Trojan Horse” from stealing ALL of your password info from a USB ring?

If something can be “created,” it can also be “defeated” or exploited. Can anyone point out any technology that has been created that is impossible to defeat?

By: Jim

Jim — Sun, 20 Jan 2013 16:11:00 +0000

By: IAF101

IAF101 — Sun, 20 Jan 2013 15:38:00 +0000

Question is: What is harder – stealing a physical key and cloning it or hacking passwords through tables ?

By: Stranger

Stranger — Sun, 20 Jan 2013 14:33:00 +0000

ROM files are still read by the computer and while a virus cannot attach itself to it, it can easily spread them.

By: Stranger

Stranger — Sun, 20 Jan 2013 14:30:00 +0000

But the key is used the same way the Windows Login backup password had been in Windows Vista. You don’t need a memorized password. I honestly don’t see how adding a digital key DRM improves their e-mail services.

By: Stranger

Stranger — Sun, 20 Jan 2013 14:26:00 +0000

This isn’t a new idea at all. I don’t see how Google is bring innovative with this since Blizzard has done this for ages with World of Warcraft and Microsoft had this with Vista a few years before Google “came up with” this “new” invention.

By: Dave

Dave — Sun, 20 Jan 2013 11:29:00 +0000

So use some sort of rom no upload to ring then.

By: Subbu

Subbu — Sun, 20 Jan 2013 11:08:00 +0000

Why not bio-metrics instead? You have it with you all the time and wont be lost!

By: Mike

Mike — Sun, 20 Jan 2013 10:44:00 +0000

I think so. I like the idea of an implant, actually, nightmare scenarios aside.

By: Mike

Mike — Sun, 20 Jan 2013 10:43:00 +0000

Not at all. The key would work in conjunction with a password. We use this kind of thing in Norway for online banking and shopping. You need a physical device that gives you a code that changes every minute, and you need your memorized password.

By: nweiner

nweiner — Sun, 20 Jan 2013 10:41:00 +0000

A stupid idea… biometrics and passwords make more sense. Any physical key has to have a backup and be cloned -

By: Kram

Kram — Sat, 19 Jan 2013 16:46:00 +0000

Depending on which key Google selects from Yubico it can provide the capabilities including two factor authentication. First factor is ” what you know” that can be a password, second is ” what you have” which in google’s case they may have the USB token. The combination of these form two factor authentication. This two factor authentication is the norm in the federal and non federal space where “what you have” or the secondary form of authentication is a Common Access Cards(CAC) or Personal Identity Verification (PIV).
With enhanced security of the USB this will enable users to conduct online transactions with greater confidence.

By: Avigayil Megan Hosch

Avigayil Megan Hosch — Sat, 19 Jan 2013 15:37:00 +0000

Whether you realize it or not, Google already follows most peoples daily movements.
And as someone who has used a usb authenticator for years, I’m eager to see what Google can do. As far as losing it? You keep track of your house / car keys, credit cards and smartphone ( which is usually connected to all your accounts) , why can’t you keep hold of a ring? Something physically on your body? And I am sure, as with credit cards, you will be able to cancel the device if Lost or stolen.

By: 1 Pourtuge1

1 Pourtuge1 — Sat, 19 Jan 2013 15:36:00 +0000

Great first step,..in getting people to accept being universally implanted with a device. Inevitable future?

By: Seth

Seth — Sat, 19 Jan 2013 15:22:00 +0000

We have used physical keys for centuries. They can be lost or stolen which is a pain. I hardly think a physical key is the future! I think it more likely that passwords will continue to be king but the intelligence level on their use will improve. Things like server side password security, locking accounts after a reasonable number of failed attempts (10 not 3!), sensible password strength requirements, etc. As a user I have been subjected to all manner of unnecessary password stupidity imposed upon me by IT administrators & programmers who seriously needed a higher level of common sense.

By: Fred

Fred — Sat, 19 Jan 2013 15:20:00 +0000

Bear in mind what is at risk here, if that ring is stolen. Your bank accounts. Your stock accounts. Your entire life savings could be lost in a matter of minutes. Muggings might become commonplace just to get those incredibly valuable rings.

By: Greling Jackson

Greling Jackson — Sat, 19 Jan 2013 15:19:00 +0000

So glad I didn’t buy this. I was thinking about it, but now that Google’s hands are in it, I now know better.

By: Theo Halloran

Theo Halloran — Sat, 19 Jan 2013 15:07:00 +0000

Yes. There is a problem. It is called Electro-Static Discharge. Dry, cold environments are particularly susceptible to this and USB sticks are easily fried. Everyone knows about “shocking” someone after rubbing their feet across a carpet, right? That same discharge will ruin most USB memory-like devices, including these. Better have plenty of backup and instruct folks to protect the metal tabs on those USB keys.

By: Akipdale

Akipdale — Sat, 19 Jan 2013 15:05:00 +0000

Why wouldn’t it be uploadable to several devices including a spare and a credit card?

By: Chico

Chico — Sat, 19 Jan 2013 15:03:00 +0000

You are a Google sheeple

By: marc

marc — Sat, 19 Jan 2013 15:02:00 +0000

Malware stored on and executed from your key as it is plugged into a computer you don’t own would be my biggest concern.

By: Funny about Money

Funny about Money — Sat, 19 Jan 2013 14:59:00 +0000

True, if you lose your car keys you don’t drive. But it’s not quite comparable: if I lose my car keys, I can call someone to drive me home where I can pick up a spare set of keys. If this thing is lost, I’m flat outta luck. Also, Google is not tailing me around the city spying on everything I buy and listening to everything I say (yet…).

By: bonez565

bonez565 — Sat, 19 Jan 2013 12:10:00 +0000

As someone who already uses a yubikey to access an online password store (Lastpass) I’m all for this idea especially if it is backed by google.

By: Jose Rodriguez

Jose Rodriguez — Sat, 19 Jan 2013 01:00:00 +0000

So what’s the difference? If you lose your car keys you don’t drive. If you lose your computer key you don’t surf or work. I would feel more secure knowing that my security is in my hands. All other ancillary issues are irrelevant. Let Google, Yubico, or whomever can defeat the hackers make a profit. That’s the American way!

By: Frank Malloy

Frank Malloy — Fri, 18 Jan 2013 23:42:00 +0000

And all your personal data will be sucked off your computer onto this Trojan horse key for Google to harvest and sell…brilliant…

By: BillyBob

BillyBob — Fri, 18 Jan 2013 23:30:00 +0000

Doesn’t this problem also apply to house and car keys? And swipe cards for the office and any physical token based security?

By: John Murray

John Murray — Fri, 18 Jan 2013 20:04:00 +0000

Damn…I lost my USB ring in my seat cushions again. Now I won’t be able to pay my bills.