Saturday, January 19, 2013

Google experimenting with USB 'keys' to access accounts in bid to kill off passwords

Since passwords have become an increasing problem for many, Google could be set to replace them entirely and is experimenting with USB keys, mobile phones and even jewellery that can act as a physical "key" to give users access to their account.

The search giant's security bosses are set to publish their findings next month and say they could soon be commonplace

The Yubikey, which is believed to have been tested by Google, can automatically log users onto all their accounts without ever asking for a password by placing it into a Google laptop.

The tiny key can be used in any machine with a USB drive, and acts as a physical "key" to unlock the user's account.

It can automatically log users in to all of their accounts, and even into their favourite websites, without ever asking for a password.

In the upcoming issue of IEEE Security and Privacy Magazine, Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay are set to detail what is basically a physical key with a "smart chip" embedded inside it.

"Along with many in the industry, we feel password s and simple bearer tokens such as cookies are no longer sufficient to keep users safe," the Daily Mail quoted the pair as writing in their paper, according to Wired.

The firm is also believed to be experimenting with wireless chips that are already built into some mobile phones, and can even be built in jewellery.

'We'd like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,' the team write.

The firm is also believed to be addressing the obvious problem with the system - users losing their "key".

The firm is thought to be developing a simple system to replace them.

The USB Keys can be placed on a keychains, and are similar to the ID readers required by many banks to allow people to log into their accounts

However, the pair admits that they will have to rely on websites to support the scheme.

The USB keys are resilient to being dropped, and can even be taken underwater without ruining them.


  1. Another attempt by Google to ensure people log on with their "legitimate" details. It will be the end of anonymous/fake accounts across the Internet. This is not motivated by better security or ease of use etc. It is motivated by the need to ensure all accounts are legitimate. After all, no advertising company wants to waste time and money targeting fake accounts.

  2. And this would allow Google to access your accounts remotely is this "Big brother" again!

  3. This takes away the ordinary users power of control of remote access to his account since he will not be able to change his password as and when he pleases.

  4. How is this safer? If u lost the key then you are at risk of identity fraud. This is meant to be for the public not the advertising companies wasting time with fake accounts.

  5. And when people start losing their little keys will they next want put them in cuswtomer's brains? All for the convenience of the company of course, not for the customer. Just who the hell do these people think they are? I've never used google.

  6. Indeed; and when the 'jewellery', etc, gets lost or stolen, or proves otherwise ineffective, will the next step be the implantable microchip? Sooo safe; sooo convenient ... although, of course, no chip means no access. All for your own good, of course ...Until, in the end, no microchip equals no internet, no shopping,no school,no hospital, etc etc.
    All for your own good ....