
Google declares war on passwords



The history of hacks and massive leaks in 2012 shows that passwords have discredited themselves as a reliable means of protecting confidential information. An alternative is needed, so Google has organized a series of experiments with alternative authentication methods. One of them uses miniature Yubico cryptographic cards, shown in the photograph. Insert such a card into a USB port and you are logged into your Google account automatically, without entering a password.

To fully support the new authentication methods, the Chrome browser will need to be modified, and Google is ready to do this. No additional software will need to be installed. The system will be very simple and friendly for both users and web developers.

To register on a new site, you visit it, insert the card, and register with one click of a button. It is likely that other web services will also switch to Google's new authentication methods.
Authentication with a cryptographic card is like using the ordinary key that opens your apartment door: you have to physically insert the key into the lock.

Google employees say that in the future this process can be simplified using wireless protocols. The key can be flashed into a phone or into a chip that you carry in a ring. It is enough to bring the phone up to the computer, or your hand up to the receiver, and you are logged in. For additional protection, the process can be accompanied by entry of a one-time code, but this is still better than memorizing long passphrases or 20-character combinations.



Google employees cite another interesting fact: the growing popularity of two-factor authentication, in which a one-time code sent to the phone is required in addition to the password. A sharp jump in the popularity of this method came after the well-known incident in which journalist Mat Honan's accounts were completely hacked. The story was widely reported in the press: one day the journalist discovered that his Twitter account had been taken over and the files on his laptop and iPhone had been erased through the Find My Phone and Find My Mac services. The attacker obtained a temporary password for the Apple ID by phone from the AppleCare support service, claiming to have forgotten the password and confirming his identity with fragments of personal data. Through the Apple ID, the attacker then recovered the "forgotten" Gmail password as well, completing the destruction of Mat Honan's digital life. Within two days of that epic hack, the number of Google two-factor authentication users grew by a quarter of a million.

Source: https://habr.com/ru/post/166257/

