Saturday, January 19, 2013

Google: Put a Ring on It

Google has just declared war.

Their opponent isn't Facebook, Microsoft, or Apple. They're not fighting a person or organization. They're not engaging in a litigious battle. Rather, their beef with a practice older than the Internet itself.

Google has made a stand against passwords.

2012 marked a rough year for Internet security. Popular sites such as Gmail, Yahoo, LinkedIn, and many others have experienced password breaches of thousands of user accounts.

Too many people are falling victim to online scams and phishing attempts. Too many people create overly simple passwords. Too many people reuse the same password for multiple accounts.

As a result, hackers are able to harvest user accounts like beets on a beet farm.



Google no longer believes that passwords are effective to keep users safe. One solution they offer is 2-step Verification for their accounts. Users who opt into this protection will receive verification codes on their phone via text message if they log into an unfamiliar computer.

This type of security is like locking an already locked door with a deadbolt. It won't protect you from highly skilled hackers, but it can protect you from phishers, keyloggers, and anybody who cracks your password. If you have a Google account, I would highly suggest activating this feature.

Eventually, Google wants users to unlock their accounts with a key. Literally.

Google's security team discusses a new form of web authentication involving a physical key in an upcoming volume of engineering journal IEEE Security & Privacy Magazine. This key will actually be a ring for users to wear on their finger. It will function as a transmitter to automatically send your login credentials to the computer when you touch the keyboard.

And we shall call it our precious...



While technological advances are exciting, we should still think critically about this revelation. Are passwords really a security measure of the past? What are the implications of a carrying piece of ID that can be scanned without our consent? What if we lose our ring? Is this a step away from Internet anonymity?

I've always been careful with my passwords and I've never dealt with a compromised account. Another security measure just adds an extra step between me and my account. Is more security worth my convenience?

I like Google, but I'm not sure if I want to put a ring on it yet.