
Tue Jan 22, 2013, 12:18 AM

Google Declares War on the Password

http://www.wired.com/wiredenterprise/2013/01/google-password/?utm_source=googlenews&utm_medium=googlenews&utm_campaign=googlenews&google_editors_picks=true



MOUNTAIN VIEW, California — Want an easier way to log into your Gmail account? How about a quick tap on your computer with the ring on your finger?

This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time.

2012 may have been the year that the password broke. It seemed like everyone on the internet received spam e-mail or desperate pleas for cash — the so-called “Mugged in London” scam — from the e-mail accounts of people who had been hacked. And Wired’s own Mat Honan showed everyone just how damaging a hack can be.

The guys who hacked Honan last August deleted his Gmail account. They took over his Twitter handle and posted racist messages. And they remote-wiped his iPhone, iPad, and laptop computer, deleting a year’s worth of e-mails and photographs. In short, they erased his digital life.

Replies to this discussion thread (author, date, post):
steve2470, Jan 2013, OP
TreasonousBastard, Jan 2013, #1
RC, Jan 2013, #2
discntnt_irny_srcsm, Jan 2013, #3
Phillip McCleod, Jan 2013, #4
Mnpaul, Feb 2013, #7
backscatter712, Jan 2013, #5
trishnikolic, Feb 2013, #6

Response to steve2470 (Original post)

Tue Jan 22, 2013, 01:10 AM

1. On my work computer I have a gadget from...

RSA Security that plugs into a USB port and works with my ID and password to authenticate me and my computer. They won't tell me how it works, but I figure it sends a fresh code to the other side every time I log in. Even if it is hacked, the hack would only work once.

Had it for years, and the early versions were reported to be hackable, but it's used by at least the government agency I work for, and probably others.





Response to steve2470 (Original post)

Tue Jan 22, 2013, 05:10 PM

2. The problem with this is, gadgets can be lost or misplaced.

Or run through the laundry. Or forgotten at home, which you discover at your destination.
I had a card for logging on to my work computer. It was a PITA. And I still had to use a password, in case the card was stolen.
That sort of defeated the object of having the card in the first place.



Response to RC (Reply #2)

Tue Jan 22, 2013, 08:31 PM

3. Security and gadgets

I have an RSA token for logging in to my brokerage accounts. It can be a pain.

My work laptop has an RSA soft-token which accepts a PIN and generates a 10-digit code to connect to the VPN. When in the office, I only need my user name and password.

It's a good thing I can remember numbers better than names.



Response to steve2470 (Original post)

Tue Jan 22, 2013, 09:29 PM

4. dell vostros have fingerprint authentication

just awesome.

gotta say i'll be glad to see the password go but it won't be that easy. there will be a place for passwords as long as hackers (in the original sense of the word not the pejorative) use keyboards and command lines. it takes like two seconds to type it in doing ssh or sudo or whatnot.

my prediction is innovation in cryptography of the sort that can defy quantum computers. so nothing based on factoring. more likely combinations of crypto algorithms like we already see.



Response to Phillip McCleod (Reply #4)

Mon Feb 11, 2013, 08:34 AM

7. My tablet also has a fingerprint scanner

and it also doubles as a scroll bar in portrait mode. It also has a smart card slot which is basically the same thing that they are promoting here. Fujitsu has had them since 2005.



Response to steve2470 (Original post)

Tue Jan 29, 2013, 02:05 AM

5. The way to go is two-factor authentication.

By two factor, I mean that of the three types of authentication you can do (show something you know, like a password, show something you have, like a key, or show something you are, like a fingerprint), you should provide two of them.

So instead of just a password, you use a password and a cryptographic dongle, like that RSA dongle. Or you use a password, and swipe your finger on the fingerprint reader. Your smartphone's useful as a key - for my Google account, when I log in from a strange computer, I have to enter both my password and a code from the Google Authenticator app on my phone, which changes every minute. Or if you're only logging in from one PC, the system stores a cookie on that system, and can identify it that way, so your computer is your second factor.

That makes it harder to hack into your stuff.



Response to steve2470 (Original post)

Mon Feb 11, 2013, 08:18 AM

6. Google Declares War on the Password

Passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe. Google agrees. Along with many in the industry, it feels like passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.

Thus they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.
