Google has joined the FIDO Alliance. Death of passwords imminent?

April 24, 2013

    Google

    If we cast our minds back to 2012, we may remember the uproar from the technology community, after a hacker broke into tech journalist Mat Honan’s Twitter, Google and Apple accounts. This prompted Google to remind everyone about the safer, stronger protection system built into Google accounts, called two step verification. For an in depth look into what two step verification is, check out the video:

    However, more recently, Google has decided that even this process is not the best method of protecting user accounts and instead thought that the whole password method was getting a bit old. The company was looking into ways to supersede the password and replace it with a more secure method. Google described a possible use of USB devices plugging into computers, to grant access, and said that the authentication technology could eventually fit inside a ring.

    Google has displayed its clear interest in replacing the password, after joining the FIDO (Fast IDentity Online) Alliance, a body dedicated to developing alternative methods to verify a user’s identity when he or she tries to log into websites. Possible approaches include biometrics, voice and facial recognition, USB security tokens, NFC and one time passwords. The goal is to create a standard which will supersede the current password and work with Internet services and one another.

    Google joins existing members Lenovo, PayPal, Nok Nok Labs and Validity, with two other companies (semiconductor company NXP and input device maker CrucialTec) also joining the alliance.

    Joining the FIDO Alliance is a great way to increase industry momentum around open standards for strong authentication
    Sam Srinivas, leader of information security efforts at Google.
    FIDO Alliance

    It is clear that many companies are beginning to believe that the password is no longer an acceptable method of verification. That perhaps, there are other, more secure methods to be found. For the meantime, passwords will continue to be the security standard for the web, but if you are truly worried about security, you should think about implementing the two step verification process.

    Are passwords old news? What verification method would you prefer to use instead of the password (Perhaps NFC from your phone, or a verification ring)?

    Comments

    • MasterMuffin

      “[quote qtext=” :)

      New account protections are always welcome, if someone would steal my Google account, he’d have everything!

    • http://profiles.google.com/bexa.raven Rebecca Raven

      I like Google’s two step verification, using the codes from my phone. I always have my phone with me but there are probably other applications that would be easier, but my imagination isn’t as active as some!

    • Faiz Ahmed Faiz

      There is frankly anything new in this article. I just wonder how much we will need to invest in the hardware to access any of these methods.

    • reeve

      I’m sure there’ll be privacy concern if biometrics login is to be used globally.

      I think 2-step verification is still secure enough, assuming you don’t store both in one place (i.e. don’t store password and google authenticator app in the same phone, lol).

    • David Kopnicky

      This is a dangerous step. All these efforts to squeeze your identity into NFC, ring or whatever other gizmo will also bear a strong possibility of misuse.

      “Hey, this David Kopnicky, he’s a troublemaker, been posting some anti-war crap lately, let’s switch off his NFC remotely. Now he’s f****d, can’t pay his bills, can’t log into his emails. Thanks Google for enabling this, awesome technology!”.
      Lovely.

    Popular

    Latest