Tuesday, October 21st16.6°C
23836

Google launches pilot project to get rid of passwords

Computer questions/solutions, technology news, science topics.

Moderators: oneh2obabe, Triple 6, Jo, ferri

Google launches pilot project to get rid of passwords

Postby oneh2obabe » Jan 22nd, 2013, 10:17 am

Lesley Ciarula Taylor
Staff Reporter

You may think 3%oiH[nk&R is a good password but Google knows you’re wrong.

The Internet giant has launched a pilot project with encryption key company Yubico to find a way to replace passwords for all of its services.

“We feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Google vice-president of security Eric Grosseand engineer Mayank Upadhyay write in a research paper to be published this month, Wired magazine reported.

Stina Ehrensvard, founder and CEO of Yubico, confirmed the project for the Toronto Star and explained why Google has to act quickly to replace passwords.

“There are no security threats that cannot be addressed with one-time password technology,” Ehrensvard said.

Yubico, a five-year-old California company whose clients include the U.S. Defense Dept., makes thumb- and quarter-sized encryption keys and wearable rings that plug into ports on PCs, laptops and smartphones and spit out new passwords with each sign-on.

If you lose your key or ring, you cancel it the way you would a credit card and get a new one. Users could go back to using their old passwords for the time being but like credit cards, they can get you a new one quickly and give you emergency access in the meantime.

Yubico is not the only encryption company Google is talking to, Ehrensvard said. But the pilot project is well on its way to reality.

“This is a game changer. However, in order for it to be really fully adopted, browsers also need to adopt it.

“ID theft is costing more than $1 trillion every year. If we don’t solve the problem, the whole creation of the Internet will be in serious trouble.

“Every organization that has a cloud-based business has a reason to be worried and a reason to do something.”

As Google and the banks, governments and corporations it deals with move on to the cloud (the Internet-based remote network of data), their vulnerability in a password-based security system increases and Google knows it has to solve that problem, she said.

The U.S. military think-tank Defense Advanced Research Projects Agency (DARPA) in 2011 put out a call for developers to create a system to replace old technology and insecure passwords that would identify unique characteristics of each user.

“The age of the password is over. We just haven’t realized it yet,” Wired editor Mat Honan wrote in November. Honan famously had his entire identity hacked last summer and wrote about it, spurring a half-million people to sign up for Google’s two-step password authentication process.

“Our digital lives are just too easy to crack. With two minutes and $4 to spend at a sketchy foreign website, I could report back with your credit card, phone and Social Security numbers and your home address.

“Five minutes more and I could be inside your accounts for, say, Amazon, Best Buy, Microsoft and Netflix,” Honan wrote.

Users have resisted tokens and encryption keys because passwords are simple and don’t require remembering where you put them, said Ehrensvard

“In real life, you have a token to lock your house. In the physical world, if we see someone has been in our homes, we do not accept that but for some reason we don’t have the same perception in the Internet world,” she said.

“Although often we have more sensitive information in our digital world than in our houses.”

Google recognizes the hurdles it faces.

“Others have tried similar approaches but achieved little success in the consumer world,” Google’s Grosse and Ypadhyay write in the engineering journal IEEE Security and Privacy Magazine, Wired reported.

“Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with the other websites.”

http://www.thestar.com/business/article ... -passwords
Dance as if no one's watching, sing as if no one's listening, and live everyday as if it were your last.

Life is not about waiting for the storm to pass. It's about learning to dance in the rain.
User avatar
oneh2obabe
Moderator
 
Posts: 46882
Likes: 4 posts
Liked in: 940 posts
Joined: Nov 23rd, 2007, 9:19 am

Re: Google launches pilot project to get rid of passwords

Postby netfreak » Jan 22nd, 2013, 10:30 am

Oh yes, I'll totally trust a company that also deals with the US DoD...
I am more important than you.
User avatar
netfreak
Übergod
 
Posts: 1151
Likes: 0 post
Liked in: 3 posts
Joined: Oct 10th, 2006, 8:42 am
Location: kelowna

Re: Google launches pilot project to get rid of passwords

Postby SurplusElect » Jan 22nd, 2013, 5:45 pm

netfreak wrote:Oh yes, I'll totally trust a company that also deals with the US DoD...


What do you think the internet was during the cold war years?
SurplusElect
Übergod
 
Posts: 1618
Likes: 0 post
Liked in: 3 posts
Joined: May 29th, 2012, 1:45 pm

Re: Google launches pilot project to get rid of passwords

Postby underscore » Jan 22nd, 2013, 6:44 pm

What a stupid scare tactic. These keys will be, if anything, easier to crack than a password.
cliffy1 wrote:Welcome to the asylum.
underscore
Übergod
 
Posts: 1469
Likes: 1026 posts
Liked in: 147 posts
Joined: Apr 5th, 2007, 11:12 pm

Re: Google launches pilot project to get rid of passwords

Postby netfreak » Jan 23rd, 2013, 1:16 am

SurplusElect wrote:What do you think the internet was during the cold war years?


Everyone knows the internet is a series of tubes invented by Al Gore.
I am more important than you.
User avatar
netfreak
Übergod
 
Posts: 1151
Likes: 0 post
Liked in: 3 posts
Joined: Oct 10th, 2006, 8:42 am
Location: kelowna

Re: Google launches pilot project to get rid of passwords

Postby Woodenhead » Jan 25th, 2013, 2:19 pm

I hate this age of dozens of passwords & especially PIN numbers. (altho I do use a password manager for the 'net) What Google is looking to do is the natural next step, and pretty much inevitable anyway.
People don't use the castanet forum to discuss. They use it to preach & dictate.
User avatar
Woodenhead
Lord of the Board
 
Posts: 4191
Likes: 0 post
Liked in: 186 posts
Joined: Jun 2nd, 2009, 2:47 pm

Re: Google launches pilot project to get rid of passwords

Postby Captain Awesome » Jan 25th, 2013, 2:28 pm

“The age of the password is over. We just haven’t realized it yet,” Wired editor Mat Honan wrote in November. Honan famously had his entire identity hacked last summer and wrote about it, spurring a half-million people to sign up for Google’s two-step password authentication process.


I read his story about it, and it's quite interesting.
Sarcasm is like a good game of chess. Most people don't know how to play chess.
User avatar
Captain Awesome
Buddha of the Board
 
Posts: 22930
Likes: 3 posts
Liked in: 1502 posts
Joined: Jul 22nd, 2008, 5:06 pm
Location: The United Colonies of The Lizard People


Return to Computers, Science, Technology

Who is online

Users browsing this forum: No registered users and 1 guest