If we cast our minds back to 2012, we may remember the uproar from the technology community, after a hacker broke into tech journalist Mat Honan’s Twitter, Google and Apple accounts. This prompted Google to remind everyone about the safer, stronger protection system built into Google accounts, called two step verification. For an in depth look into what two step verification is, check out the video:
However, more recently, Google has decided that even this process is not the best method of protecting user accounts and instead thought that the whole password method was getting a bit old. The company was looking into ways to supersede the password and replace it with a more secure method. Google described a possible use of USB devices plugging into computers, to grant access, and said that the authentication technology could eventually fit inside a ring.
Google has displayed its clear interest in replacing the password, after joining the FIDO (Fast IDentity Online) Alliance, a body dedicated to developing alternative methods to verify a user’s identity when he or she tries to log into websites. Possible approaches include biometrics, voice and facial recognition, USB security tokens, NFC and one time passwords. The goal is to create a standard which will supersede the current password and work with Internet services and one another.
Google joins existing members Lenovo, PayPal, Nok Nok Labs and Validity, with two other companies (semiconductor company NXP and input device maker CrucialTec) also joining the alliance.
Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication
Sam Srinivas, leader of information security efforts at Google.
It is clear that many companies are beginning to believe that the password is no longer an acceptable method of verification. That perhaps, there are other, more secure methods to be found. For the meantime, passwords will continue to be the security standard for the web, but if you are truly worried about security, you should think about implementing the two step verification process.
Are passwords old news? What verification method would you prefer to use instead of the password (Perhaps NFC from your phone, or a verification ring)?