Google researchers have proposed "physical" passwords, such as a USB key or finger ring, to solve website password problems.
With the plethora of online accounts these days, it's no wonder that forgotten or weak passwords are so common. But it's those weak passwords that cause the hijacking of online accounts, and Google is working to put a stop to it.
The company thinks that "physical" passwords -- that may come in the form of a piece of jewelry, such as a ring -- might be the answer, according to NetworkWorld. The basic idea is that people can use a single device put into a USB slot to log into all of their online accounts with one mouse click.
Current strategies to prevent online account hijacking, including the two-step identity verification system, are insufficient, according to Google's Eric Grosse and Mayank Upadhyay, partly due to the constant threat of attacks that exploit new bugs. And phishing is one of the biggest security threats today.
"It's time to give up on elaborate password rules and look for something better,"Grosse and Upadhyay say in a research paper scheduled to be published Jan. 28 in IEEE Security & Privacy.
Google's proposal is an encrypted USB-like device that people would use to log into password-protected websites and online accounts. The company says it's working on an internal pilot with an experimental USB device that users first register with multiple websites where they have accounts, NetworkWorld reported, and a compliant browser would make two new application programming interfaces (APIs) available to the website to be passed down to the attached device.
Though the method wouldn't require any software to be installed, users would have to use a Web browser that's compliant with the effort, according to Google. The registration and authentication protocols would be open and free, and the device would connect with a computer's USB without needing any special OS device drivers.