A recent research paper in IEEE Security and Privacy Magazine, which was quickly covered by Wired Magazine, outlines some potential future alternatives to the password as noted by Google’s Vice President of Security, Eric Grosse.
Two of the most viable alternatives are the Yubikey and the finger ring. The Yubikey is a small device which you insert into your USB drive. Once plugged in, the Yubikey gives you secure access to your online accounts. Similarly, the finger ring would let you into your online universe when touched against your computer.
So what are the implications if Google does eventually introduce either of these password alternatives?
The most obvious answer to my previous question is more safety and privacy on the internet. In this modern age, a text based password, no matter how complex, seems completely inadequate to protect many of the most important aspects of our lives, including our online banking, our email accounts and our personal documents. We need these to remain private and out of the reach of those who wish to steal our information.
Mat Honan, a Wired reporter himself, is a scary example of what can happen if the wrong person does manage to gain access to your accounts. It stands to reason that if someone needs to have physical possession of an object to access an account, that account is far safer than if it could be accessed remotely. In the same way that people cannot draw cash out of your bank account at an ATM without your debit card and your pin, people would not be able to access your online accounts without the Yubikey or the ring.
To begin with…what happens if you lose or misplace your login object? Samantha Murphy rightly notes that it will have to be immediately reported. If you do not, all of your information is potentially at risk, even if the object has just fallen down the back of the sofa. It is not like forgetting your password where you can receive a hint to nudge you in the right direction, or reset the password entirely.
Also, if the login object is reported as lost, does this immediately place your account in some form of lockdown? What happens if you need access to your emails straightaway?
Another issue that needs to be addressed is the fact that you will have to physically carry the item around with you at all times. You wouldn’t want to leave it at home in case you need to access your accounts on the move. This could be an annoying encumbrance. I don’t know anybody that would be enthralled at the prospect of having to carry another object with them as well as their mobile phone, keys, credit card, debit card, driving license, wallet, etc.
It is interesting to note that Google is not the first company to try and implement a system like this. Certain banks, such as HSBC have introduced a secure key to mixed reviews. Many people, myself included, at first felt that it was an inconvenience to carry an item that was barely able to fit in a wallet. However, it must be said that like anything, after a certain period of time it just becomes the norm: you no longer notice that you are carrying the secure key, you just carry it. Google may also encounter this problem if they introduce the login object in the future, but most people will soon get over this initial annoyance and be thankful for the object which massively increases the security of their account.
There is certainly no doubt that the password is out-dated and completely insufficient to safeguard your accounts. And it is wonderful that Google is beginning to think about viable alternatives, even if they are not completely fool proof.
Your online safety and privacy is of the utmost importance: online accounts no longer contain a few personal details, they can contain everything, and it is great to see that positive steps are being taken to protect the individual.