Google working on replacing Passwords with Hardware Identification based Passkeys

Passwords have existed in the computing world right from the beginning. In the past we have seen USB drives used as passkeys for logging into Windows 7, primarily to reset forgotten passwords. However, entirely phasing out passwords from local as well as web-based applications now seems to be a distinct possibility in the next few years, in favor of more secure solutions involving unique hardware identification like flash drives.

While companies as well as enthusiastic independent programmers worldwide are working on further securing the transmission protocols for internet-based data transfers, passwords remain an integral part of highly sensitive operations like monetary fund transfers, satellite-based communication, and military as well as civic databases with extensive details about people and events. Passwords are fast becoming the weakest link in the vastly important framework of data security.


As a bright example of a dynamically evolving technological entity, Google has taken into focus a paper published by two of its security employees on the inherent fallibility of passwords. It is well on its way to having its staff use passwords only once in a while and use USB drives as passkeys instead!

While 2-step authentication – the use of another verification method besides a password, like a temporary code sent to your mobile phone or email account, date of birth, a secret question etc. – increases the level of security, it can’t be a long-term solution. The simple reason is that even the second step involves sending some information over a network, which can be intercepted and exploited.

Based on the paper published by Google’s employees, the hardware authentication device won’t send any new information to the local machine or over the network; it will just verify whether the identification device has been connected. This will eliminate the possibility of interception. All that needs to be ensured is that the “OK” code that is sent after verification of the USB key, smartphone or some other authenticated device can’t be reproduced by the hackers.
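The requirement that the “OK” code cannot be reproduced can be illustrated with a short added example, which is not code from the article or from Google’s paper. It assumes a secret shared between device and server and uses HMAC-SHA256 as a stand-in for whatever the real device does; the `Device` and `Server` classes and all values are hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-device secret provisioned at enrollment (constructed here).
DEVICE_SECRET = secrets.token_bytes(32)

class Device:
    """Hypothetical hardware key: the secret never leaves this object."""
    def __init__(self, secret):
        self._secret = secret
    def static_ok(self):
        # Weak design: the same "OK" code is emitted for every login.
        return hashlib.sha256(self._secret + b"OK").digest()
    def respond(self, challenge):
        # Stronger design: the code is bound to the server's one-time challenge.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, secret):
        self._secret = secret
        self._pending = set()  # challenges issued but not yet answered
    def verify_static(self, code):
        expected = hashlib.sha256(self._secret + b"OK").digest()
        return hmac.compare_digest(code, expected)
    def new_challenge(self):
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c
    def verify_response(self, challenge, code):
        if challenge not in self._pending:
            return False  # unknown or already used challenge
        self._pending.discard(challenge)  # each challenge is single use
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(code, expected)

def demo():
    device, server = Device(DEVICE_SECRET), Server(DEVICE_SECRET)
    captured_static = device.static_ok()  # code recorded from an earlier login
    c1 = server.new_challenge()
    captured = device.respond(c1)          # response recorded in transit
    first = server.verify_response(c1, captured)
    c2 = server.new_challenge()
    return {
        "static_replay_accepted": server.verify_static(captured_static),
        "fresh_login_accepted": first,
        "replay_same_challenge": server.verify_response(c1, captured),
        "replay_new_challenge": server.verify_response(c2, captured),
    }
```

A recorded static code is accepted again, while a recorded challenge-bound response is rejected both for the used challenge and for a new one.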

