Friday, January 18, 2013

Google experiments with hardware-based authentication, envisions passwordless future

[![Google experiments with hardwarebased authentication, envisions passwordless future](http://www.blogcdn.com/www.engadget.com/media/2013/01/1-18-2013yubikeys.jpg) ](http://www.engadget.com/2013/01/18/google-experiments-with-hardware-based-authentication/)

2012 was not a great year for security. From the "[epic hack](http://www.engadget.com/2012/08/07/amazon-apple-stop-taking-key-account-changes-over-the-phone/)" of _Wired's_ Mat Honan to the breach of [Dropbox](http://www.engadget.com/2012/08/01/dropbox-confirms-security-breach-new-measures/) and the breakdown of barriers at [Blizzard](http://www.engadget.com/2012/08/09/blizzard--security-breach-2012/) ([not](http://www.engadget.com/2012/02/12/microsoft-store-hacked-in-india-leaked-passwords-stored-in-plai/) [to](http://www.engadget.com/2012/06/06/linkedin-security-breach/) [mention](http://www.engadget.com/2012/11/02/android-smishing-vulnerability-google-fix-patch-coming/) [countless](http://www.engadget.com/2012/07/24/hacker-finds-flaw-in-hotel-locks/) [smaller](http://www.engadget.com/2012/08/18/apple-responds-to-iphone-text-message-spoofing/) [incidents](http://www.engadget.com/2012/07/12/yahoo-security-breach/)), last year held [frequent](http://www.engadget.com/2012/01/25/o2-data-breach/) [reminders](http://www.engadget.com/2011/12/24/chinese-hackers-target-u-s-chamber-of-commerce-sensitive-data/) that what you put online is never truly [safe](http://www.engadget.com/2012/01/26/source-code-theft-prompts-symantec-to-issue-warning-to-customers/). Google has, in the wake of such public failings, began pushing its [two-factor authentication](http://www.engadget.com/2012/08/27/dropbox-two-step-login-verification-available-in-experimental-bu/) with a pretty heavy hand. But even that system has its short comings, and Mountain View is looking for ways to shore up users' accounts. In particular the web giant is exploring hardware authentication options and experimenting with a device called YubiKey -- a USB-based token system. The research will be unveiled in a paper being published later this month in _IEEE Security & Privacy Magazine_, and includes preliminary work on a protocol for using a hardware device to unlock an online account. If carrying around and jacking in a USB key sounds too cumbersome, fear not. Goog

Filed under: [Misc](http://www.engadget.com/category/misc/), [Google](http://www.engadget.com/category/google/)

**[Comments](http://www.engadget.com/2013/01/18/google-experiments-with-hardware-based-authentication/#comments)**

**Source:** [Wired](http://www.wired.com/wiredenterprise/2013/01/google-password/all/), [IEEE Security & Privacy Magazine](http://www.computer.org/portal/web/computingnow/securityandprivacyhttp://)

URL: http://www.engadget.com/2013/01/18/google-experiments-with-hardware-based-authentication/

No comments:

Post a Comment