Google plans to put an end to user-generated passwords...

Security experts often complain about the obvious and poorly chosen passwords that users create. To do away with user-generated passwords and better secure data, Google now plans an altogether new security system called U2F, or Universal 2nd Factor, reports Forbes. With this new system, users will have to use a USB dongle called YubiKey Neo, designed and built to Google’s specifications by security expert Yubico.
The YubiKey Neo is reportedly a small, durable and driverless device that doesn’t require a battery. When plugged into the computer’s USB port, it adds a second and highly secure layer of verification when you access a Gmail or Google Docs account on Chrome OS. The login is initiated by keying in a username and PIN, and the browser then communicates directly with the YubiKey Neo using encrypted data and authorises account access. YubiKey Neo and Google’s Chrome browser will engage in secure public-key encryption when you log in.
Anyone who wants to access the account will require the YubiKey Neo as well as the four-digit PIN. Google calls YubiKey Neo “a digital key that is based on the smart card devices”, which are preferred by the military. Currently, several hundred thousand YubiKey Neo devices are being used by employees. However, U2F logins are not available to the public yet.
Google’s Product Management Director for Information Security, Sam Srinivas, said, “With U2F, we are not starting from scratch with an unproven system. We are building on protocols that have been proven in government and enterprise environments over the past few decades. The technologies behind smart cards have been the gold-standard for the security industry. What we are working on is adapting them to align with consumer needs.”
Last year, Google joined the FIDO (Fast IDentity Online) Alliance, an industry group that works towards effective, easy-to-use, open source solutions for Internet security. On joining the FIDO Alliance, Google published its U2F specification as an open standard. However, the search giant understands that the system must be implemented across a broad range of consumer products and services. It will have to create a viable ecosystem of web browsers, apps and hardware authentication devices supporting the protocol so that users can securely access content from mobile and desktop, be it shopping, financial or social sites.
The one-step authentication means one doesn’t have to remember several passwords. A single four-digit PIN can be used on every site. The YubiKey Neo is the first U2F-certified hardware device, but FIDO Alliance members expect competition from other manufacturers in the form of chips embedded into new computers, biometric-scanning devices and more.
Reportedly, no personal information will be stored on the YubiKey and no one will be able to determine the individual sites that the device has been configured to work with. Moreover, it’s a physical device, so you’ll easily know when it goes missing. On mobile devices, the YubiKey Neo currently works only with NFC-enabled smartphones. However, the team is working on bringing it to non-NFC devices.


