Why 2014 might be the beginning of the end for passwords

Google U2F Password Replacement

If there’s one legacy Internet protocol that really needs to go, it’s the password. Given how easy it’s become for hackers to decipher most passwords and how annoying it’s become to memorize multiple passwords that all require capital letters, numbers and symbols, it’s only a matter of time before some enterprising tech company comes up with a way to get rid of the password nuisance once and for all.

Forbes contributor Amadou Diallo writes that Google and Yubico are working on a USB dongle called the YubiKey Neo that will essentially act as a skeleton key for all of your online accounts. You’ll need to set up a user name and PIN to access the YubiKey but from there the device will take care of the rest by sending encrypted data to your Chrome web browser to authorize access to all of your online accounts.

What makes this solution particularly strong is that in order to access your online accounts, a hacker would need to have both your physical YubiKey Neo and knowledge of your username and PIN. In other words, it sounds as though the only way for a hacker to really break into your accounts would be if they mugged you in a back alleyway and forced you to cough up your user information.

“Because the login information that you manually provide (username and PIN) is only the first step of authentication, representatives from Google, NXP and Yubico that I spoke with all emphasized that you can reuse your PIN across multiple sites without compromising security,” Diallo writes. “A single four-digit PIN, used on every site you visit, would be a game-changer for consumers, and make hard-to-remember passwords a thing of the past.”

Although there’s no firm release date yet for the YubiKey Neo, Diallo says that Google and Yubico would like to start rolling it out next year.

Source:
Forbes
blog comments powered by Disqus