Google investigating different two-factor ID solutions
18 January, 2013
category: Corporate, Digital ID
The password backlash continues as Google is set to publish a paper on different forms of two-factor authentication, according to a Wired.com report.
The engineering journal IEEE Security & Privacy Magazine is set to print the paper from Eric Grosse, vice president of security, and Mayank Upadhyay, an engineer at the tech giant in late January. Passwords will not go away completely but can become less cumbersome with the addition of another factor of authentication.
The research paper outlines a few different technologies that consumers can use to better authenticate online. One method includes using a cryptographic card that slides into a USB reader and automatically logs a user into Google and other sites. This method required Google to modify its Web browser but there’s no additional software to download. A user logs into the site, plugs in the USB stick and then registers it with a mouse click.
The smart phone will also potentially play a role in future authentication schemes and well as using a technology that uses wireless technology, such as near field communication. The paper lays out a future where a smart phone or token embedded in a ring could be used for identification.
In order for any new authentication scheme to take off other sites will have to participate. To entice other relying parties Google has developed an independent protocol for device-based authentication, that doesn’t require any special software to work.
Google has been offering two-factor authentication for a couple of years. User’s can either have a six-digit code texted to them or download an app that created the code.