Passwords are long and complicated and easy to forget. No matter how you slice it, passwords are annoying and on top of that, they’re not even all that secure.
The tricky thing about passwords is you need to remember them, or at least use a service that remembers them for you. But then, ironically, you’d need to remember a password that would unlock that service so you could access other passwords. Don’t worry – our heads hurt, too. That’s why there are minds at Google who are looking into changing the way you access your private accounts that do away with the traditional password method.
“We contend that security and usability problems are intractable,” write Google’s Eric Grosse and Mayank Upadhyay, in an article to be published later this month in IEEE Security & Privacy. “It’s time to give up on elaborate password rules and look for something better.”
As first reported by Wired, “something better” will likely involve hardware.
It was gathered that the company is considering how to make the password something used only rarely.
Google VP of security Eric Grosse and engineer Mayank Upadhyay have come up with some ways for users to access their password-protected accounts:
- A smartphone or smart-card ring that you wear that can authorize a new computer to give you access to certain sites or to the machine itself.
- Plugging a customized USB drive into the computer while you are browsing that automatically logs you in to sites. When you take out the USB drive, the sites no longer give you access.
Adopting that approach, says the paper, could mean that people rarely use passwords at all and “only need a strong password for deep backup.” The company’s intention is to release the details of that approach as an open standard to be adopted by other companies.
One of the biggest technical problems to that idea is that there’s no widely adopted method for devices to speak directly to one another when in the same place. Google is experimenting with Near Field Communication chips that allow devices to be “tapped” together to connect as one solution, says the article, but they’re only just appearing in smartphones and are almost non-existent in PCs.