Green Energy



Google Wants Password123 In Museum Of Bad Headaches


From Will at THE OTHER NEWS:
YubiKey

(Phys)

Should typed passwords ever make their way into the Memory Bin, no tears will be shed in certain quarters at Google. The search giant is taking a serious look at a computing future where users have a safer environment that can secure their online information and accounts via physical passwords, perhaps in the form of finger rings or USB sticks or keys. Google’s Vice President of Security Eric Grosse and engineer Mayank Upadhyay have presented their suggestions for better hardware authentication in an upcoming research paper to be published in Security & Privacy magazine.

Google has been investigating alternatives to typed passwords, which includes a Yubico log-on device slid into a USB reader as part of Google’s quest to help strengthen password security. Google’s eyes are on future login techniques that will be primarily device-centric. 

Wired, in a sneak peek at the research paper set for publication, reported that the paper explores several physical device options, to make a password process that will be easy to accommodate but also sufficiently secure.

Google’s suggestions include a ring worn on the finger. and the YubiKey device from Yubico.
In the YubiKey scenario, it would be programmed so that it can automatically log a user into that user’s Google account. (Yubico was founded in 2007 with a prototype of its YubiKey for securing online identities. The devices are manufactured in Sweden and the U.S.)

Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay wrote in their paper, according to Wired.

Their project focus is none too soon, as, beyond Google and within the general Internet community, hacker fever has turned into password-reset fatigue. Users have complained over wiped out mail accounts and stolen data from their hacked accounts. Security experts have argued that no passwords are really secure enough, and even CAPTCHA schemes to prove the user is human have been found lacking in keeping users safe.

Media attention to the password impasse grew widespread in November, when Wired senior writer Mat Honan wrote, “This summer, hackers destroyed my entire digital life in the span of an hour. My Apple, Twitter, and Gmail passwords were all robust-seven, 10, and 19 characters, respectively, all alphanumeric, some with symbols thrown in as well-but the three accounts were linked, so once the hackers had conned their way into one, they had them all. They really just wanted my Twitter handle: @mat. As a three-letter username, it’s considered prestigious. And to delay me from getting it back, they used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter.”

Google’s Grosse does not see the utter obliteration of the password but instead a situation where users can be freed from the need to implement and re-enter complex passwords. “We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he said. 
Nonetheless, he added, the primary authenticator will be some piece of hardware.
Grosse and Upadhyay acknowledged that others have tried similar approaches and actually did not achieve much success in the consumer world, but the two authors of the research paper are not deterred. Success may come with wider cooperation outside Google. “Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.”
According to Wired, Google has created a universal protocol for device-based authentication that is able to work independent of Google’s own services; just a web browser is needed to support the standard.Read the full story here.




- Update: Clinton’s E-mail Is On A Hosted Exchange 2010 Server, Not In Chappaqua
Update: Clinton’s e-mail is on a hosted Exchange 2010 server, not in Chappaqua There's been a lot of controversy over how Hillary Clinton apparently used a mail server running in her Chappaqua, New York, home when she started her tenure as secretary...

- The Nsa And The Heartbleed Bug
Are any of us surprised to learn that this might have been the case? From the article "NSA Exploited Heartbleed Bug for Years, Exposing Consumers": The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites...

- Google's Future: Microphones In The Ceiling And Microchips In Your Head
From the London Independent: "I don’t have a microchip in my head – yet," says the man charged with transforming Google’s relations with the technology giant’s human users. But Scott Huffman does envisage a world in which Google microphones,...

- Hey! Maybe Weiner Was Hacked By. . .
Newsmax: Gmail Hackers Had Access to Accounts for Months Thursday, 02 Jun 2011 SHANGHAI - Hackers who broke into Google's Gmail system had access to some accounts for many months and could have been planning a more serious attack, said the cyber-security...

- Swell. . .
Hey, Pasto, when was it we were trying to figure out if you were hacked? New York Times NYT: Attack on Google said to hit password system New details surface about the December raid that compromised security By John Markoff The New York Times updated...



Green Energy








.