Google is looking at a number of hardware-based authentication mechanisms to bypass one of security's biggest vulnerabilities: the written password. Read More ..
Wired Magazine got an advanced look at a report submitted by a Google security team for IEEE Security & Privacy Magazine that discusses alternatives to today's most common modes to access online sites, such as Web-based e-mail, that typically involved typing a username and password into fields. Over the years, cybercriminals have taken advantage of both user's lack of imagination with passwords to make brute-force attacks easier. They've also been able to extract the more creative combinations via phishing scams.
"Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” write Google VP of Security Eric Grosse and Engineer Mayank Upadhyay in the paper, which hasn't been made public yet.