A View from Tom Simonite
Google Joins PayPal-Backed Effort to Kill the Password
The search giant has signed up to a consortium that wants hardware to have a role in authenticating people.
Google has joined a consortium of tech companies including PayPal and Lenovo attempting to stop passwords being the sole protector of personal accounts.
The group, the FIDO Alliance, is working on technology that would give the device a person was using a role in authenticating them so that a password alone is not enough to unlock an account (see “PayPal, Lenovo Launch New Campaign to Kill the Password”). That approach can make it impossible to compromise accounts just by stealing passwords, as hackers did in order to break into Twitter this year and LinkedIn last year.
Logging into an account using the FIDO approach might involve the security chip in your PC or phone being checked, or a person being prompted to say a short phrase so the sound of their voice can be matched with a voiceprint on file.
Google joining the group is a major boost for the FIDO approach, which needs support from major technology companies to succeed. Google is already known to be interested in demoting the importance of passwords to security. As well as offering two factor security, where a person must provide a one time code sent to their phone along with their password, the company is also testing the idea of replacing passwords with personal USB keys, or even rings with contactless NFC technology (see “Google Wants to Replace All Your Passwords with a Ring”).
The FIDO Alliance isn’t going to back any one replacement for passwords, but is working on technical standards that make it easy to support all kinds of replacements. That’s an important role if the ideas Google has about our password-free future are to take hold. Remembering many passwords is a challenge, but having a different USB or piece of jewellery for each online account would be worse.