Tesco Tech Support Blog

Will Google abolish passwords?

When it comes to online security, most passwords aren’t good enough.

LastPass' YubiKey Configuration

LastPass' YubiKey Configuration

You may well know that any two-bit hacker can break into your account within seconds if you’re using one of the most common password combinations like ‘1234’, a relative’s birthday or the word ‘password’ itself.

But even more complicated passwords, like using numbers instead of letters in ‘p4ssw0rd’ is not much safer.

The problem is that hard to crack passwords are hard to remember – and even if you choose random combinations of numbers and letters, if a criminal has installed keylogging software on your PC they can still capture your password as you type it.

That’s why Google bosses have been touting the idea recently that we may have to move away from passwords towards ‘hardware tokens’ – in other words, something physical fitted with a communications chip that you have to touch to a reader to access your Gmail account (for example).

The suggestion is that your mobile phone or a piece of jewellery – like a smart ring – would act as an ID card for web services. A hacker would have to have access to this token in order to break into your account, but if they tried to steal it, revoking its access can be done in the click of a mouse.

In other words, if you lose it, you can render it useless and apply for a new one.

As far as security goes, it beats tablets hands down – but since it would require you to have a reader attached to any PC or device you wanted to access your online accounts from, probably won’t be in common use for a while. Still, as a vision of the future it’s compelling.

If you want to try out what it might feel like to rely on a hardware token as security, there are ways to get it already. Online password locker Lastpass, for example, already has a USB key option which will only allow you to use its service if the key is plugged into your PC.

It’s worth looking in to. As Google put it in a research paper, “we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe”.

Sooner or later, big sites will start insisting on this extra level of protection, as much for their own good as for yours.

You might also like to read: