In an upcoming IEEE Security & Privacy Magazine paper, Google security team members Eric Grosse and Mayank Upadhyay describe their research on hardware solutions to the problem of online security. One of their ideas is a small key that, when put into a USB port, logs the user in. Another one involves embedding a smartcard into a ring that can be tapped against a computer to send login data wirelessly. They have also created an authentication protocol that is Google- and browser-independent; if enough sites support it, “people mostly won’t need strong passwords, except in rare occasions — when they’re making significant changes to their account, for example.”
What’s the Big Idea?
With data collection becoming more widespread, and hacking techniques growing more sophisticated, it’s a busy time for security experts in a variety of disciplines. Grosse and Upadhyay write, “[W]e feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe.” A physical login device could work “almost like a car key” for the Internet…but it would have to be kept safe, just like a car key. “[I]f someone steals your card or your smart-ring, you’d better report it stolen pretty quickly.”
Embedded in a cell phone or in accessories such as rings, bracelets or watches, the novel tools aim to make it easier to manage hypertension. But they must still pass several tests before hitting the clinic.