Google wants to replace all your passwords with a ring
March 13, 2013
As part of research into doing away with typed passwords, Google has built rings that not only adorn a finger but also can be used to log in to a computer or online account, MIT Technology Review reports.
At the RSA security conference in San Francisco last month, Mayank Upadhyay, a principal engineer at Google, said that using personal hardware to log in would remove the dangers of people reusing passwords or writing them down.
Upadhyay said that Google’s trial was focused on a slim USB key that performs a cryptographic transaction with an online service to prove the key’s validity when it’s plugged into a computer. The key also has a contactless chip inside so that it can be used to log in via mobile devices.
Tokens like the ones Google is testing do not contain a static password that could be copied. The cryptographic key unique to the device is stored inside and is never transmitted. When the key is plugged in, it proves its validity by correctly responding to a mathematical challenge posed by the online service it is being used to log into, in a way that doesn’t produce any information that could be used to log in again.
Upadhyay didn’t say which company supplied the hardware at the core of the new trial, but the features he described are identical to a USB security key called the NEO made by Yubikey, a California company that launched in late 2012. Consumers can buy a NEO for $50, although companies buy them in bulk at lower prices.