Google hopes to lead the scrapping of passwords by proposing what the company claims will be a more secure online authentication method.
The security industry has long recognised that passwords are becoming increasingly insecure and difficult to use as they become more complex and difficult to remember.
In 2012, security experts at UKFast warned that a tool for hackers capable of cracking nine billion passwords a second was available for as little as £400.
In the light of this problem, two security experts at Google are proposing the use of a single device to confirm the user’s identity.
Google’s vice-president of security Eric Grosse and engineer Mayank Upadhyay have experimented with a tiny cryptographic USB card called a YubiKey, which implements highly secure “one-time pad” cryptography to log in to Google services.
READ MORE ABOUT PASSWORDS:
- Intel lends a hand eliminating passwords
- Password security best practices: Change passwords to passphrases
- Unsafe password practices cause Dropbox spam scare
- Security Zone: Passwords: Help users discover what is available!
- Cheap consumer hardware cracks complex passwords in seconds
However, they hope to take the technology wireless and integrate with devices users already have, such as mobile phones or jewellery, to work across all online accounts, according to Wired.
According to the report, Grosse and Upadhyay have developed a Google-independent protocol that requires no special software to authenticate a security device.
The protocol even includes measures to prevent websites from tracking users via their security devices, and only requires that the user be running a browser that supports the protocol.
Previous attempts at introducing password alternatives have failed because of the need for all web service to adopt the same standard, but pundits say Google may be big enough to make it happen.
“Others have tried similar approaches but achieved little success in the consumer world,” Grosse and Upadhyay said, in a soon-to-be-published report.
“Although we recognise that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites,” they wrote.