The search giant has signed up to a consortium that wants hardware to have a role in authenticating people.
April 23, 2013
Google
has joined a consortium of tech companies including PayPal and Lenovo
attempting to stop passwords being the sole protector of personal
accounts.
The group, the FIDO Alliance,
is working on technology that would give the device a person was using a
role in authenticating them so that a password alone is not enough to
unlock an account (see “PayPal, Lenovo Launch New Campaign to Kill the Password”).
That approach can make it impossible to compromise accounts just by
stealing passwords, as hackers did in order to break into Twitter this
year and LinkedIn last year.
Logging into an
account using the FIDO approach might involve the security chip in your
PC or phone being checked, or a person being prompted to say a short
phrase so the sound of their voice can be matched with a voiceprint on
file.
Google joining the group is a major boost
for the FIDO approach, which needs support from major technology
companies to succeed. Google is already known to be interested in
demoting the importance of passwords to security. As well as offering
two factor security, where a person must provide a one time code sent to
their phone along with their password, the company is also testing the
idea of replacing passwords with personal USB keys, or even rings with
contactless NFC technology (see “Google Wants to Replace All Your Passwords with a Ring”).
The
FIDO Alliance isn’t going to back any one replacement for passwords,
but is working on technical standards that make it easy to support all
kinds of replacements. That’s an important role if the ideas Google has
about our password-free future are to take hold. Remembering many
passwords is a challenge, but having a different USB or piece of
jewellery for each online account would be worse.
No comments:
Post a Comment