• Welcome to Tamil Brahmins forums.

    You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our Free Brahmin Community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

    If you have any problems with the registration process or your account login, please contact contact us.

Google starts testing alternative login methods without passwords

Status
Not open for further replies.
[h=1]The beginning of the end: Google starts testing alternative login methods (No passwords)[/h] December 22, 2015 Kishore Ganesh Leave a comment Edit



490537342.jpg


Passwords have been a part of the Internet since its very inception, and over time, even though standards have come and gone, passwords still remain one of the important pillars of security.


Sure, encryption standards have evolved, and we have moved on from storing passwords in plain-text (Believe us, there used to be such a time), but the quintessential part of any security system is still the password.


And as they say, a security system is as strong as its weakest link. And though current encryption standards are pretty much impenetrable, the weakest link is actually the users themselves. Users choose weak passwords that can easily be guessed, and many fall prey to phishing attacks.
This is why Google has started testing an alternative login method that eliminates passwords from the equation. Here’s how it works: You type in your Email, and instead of typing in your password, you get a notification on your phone, which you have to accept. That’s it, you are now logged in. A few taps on your phone, and you are logged in on that device.


It certainly is more user-friendly than entering an esoteric password, and more secure than passwords.


Sure, it’s not ideal having your phone on you all the time, but for those who do, this is an interesting compromise. Right now, the test participants have the option of using a password if they don’t have their phone.


Google has expressed interest in alternative login methods for years, and it even bought an Israeli startup for its interesting inaudible noise-based login method. In the future, we may see such alternative login methods becoming the norm, with the password being completely eliminated. What do you think? Is it time to spell doom for the password?

http://techgeekforever.com/2015/12/...sting-alternative-login-methods-no-passwords/
 
The beginning of the end: Google starts testing alternative login methods (No passwords)

December 22, 2015 Kishore Ganesh Leave a comment Edit



490537342.jpg


Passwords have been a part of the Internet since its very inception, and over time, even though standards have come and gone, passwords still remain one of the important pillars of security.


Sure, encryption standards have evolved, and we have moved on from storing passwords in plain-text (Believe us, there used to be such a time), but the quintessential part of any security system is still the password.


And as they say, a security system is as strong as its weakest link. And though current encryption standards are pretty much impenetrable, the weakest link is actually the users themselves. Users choose weak passwords that can easily be guessed, and many fall prey to phishing attacks.
This is why Google has started testing an alternative login method that eliminates passwords from the equation. Here’s how it works: You type in your Email, and instead of typing in your password, you get a notification on your phone, which you have to accept. That’s it, you are now logged in. A few taps on your phone, and you are logged in on that device.


It certainly is more user-friendly than entering an esoteric password, and more secure than passwords.


Sure, it’s not ideal having your phone on you all the time, but for those who do, this is an interesting compromise. Right now, the test participants have the option of using a password if they don’t have their phone.


Google has expressed interest in alternative login methods for years, and it even bought an Israeli startup for its interesting inaudible noise-based login method. In the future, we may see such alternative login methods becoming the norm, with the password being completely eliminated. What do you think? Is it time to spell doom for the password?

http://techgeekforever.com/2015/12/...sting-alternative-login-methods-no-passwords/

Not sure what is novel in the way the story is written.

Apple devices, Android devices and Windows Surface / windows phone already use biometric identification. They can recognize eyes as well as finger prints to login.

In the security world, stronger means to authenticate is to use what is called two factor authentication.
The idea is to use two items - one you know (like a password) and one you have physically.

Two factor authentication has been around for almost two decades.

In this example cited in the article, the phone is the item you have. Login to the phone still requires a PIN or password. So an additional password for Gmail may not be needed.

There is a bit of sneakiness in all these attempted improvements. What Google and all these companies like to do is to gather privacy information about one as much as possible without being overt.

So if one uses Chrome, it will know from other actions who you are - there will be no need to enter an explicit password.

Then every search one does is all catalogued to draw information about a person.

Recently one of my friends shared one of her childhood pictures in some context in one of her email address. The system cached that image and made it available so much so that when she called someone her new childhood picture was showing up on the receiver's phone.

When I told her about this she was shocked as to how the system made all these associations.

In any case coming back to the password story there is nothing innovative as to what Google is trying to do. Or perhaps the journalist who wrote the piece got it all wrong as to what the innovation is.

The side benefit is without overt login one is propagating their authenticated identity across many applications.
 
Internet Companies nowadays rely on advertising, and user data is up for grabs, so privacy cannot be expected to be maintained online. Whether you choose to not use these services or not, as long as you are online, some online service is collecting data about you. For example, even if you are not a user of Facebook, its cookies embedded in just about every major website collects data about you, so when you create an account on Facebook, it already knows quite a bit about you.

Now, as for the novelty of this whole process, it is mostly about convenience. It is an improvement of two-factor authentication in that it only requires a notification to log in, whereas in two factor authentication, a code is sent and you need to enter it to confirm that it is really you. While in two factor authentication, the password is still an important facet of the process, in Google's new login methods, the password is not used at all. Instead of entering a password and then entering a code, you just enter your Email and you are logged in. Plus, there have been reports that two factor authentication is not as secure as it is hyped up to be (Source: http://krebsonsecurity.com/2012/06/attackers-target-weak-spots-in-2-factor-authentication/), which is why companies are looking for new login methods that are both more convenient and more secure.

For instance, two factor authentication is still affected by the security of the user's password, whereas Google's new login method somewhat bypasses that vulnerability (Even so, it is still not secure, because there's an option to enter a password. When the password is completely eliminated, that's when it will truly be a step up in terms of security over two factor authentication.). Google also has other login methods in the works, such as using inaudible sound to log in, which is actually novel and perhaps more secure than both. It is just a matter of these new technologies being adopted, and while we may never be completely secure, and our privacy is always up for grabs, a little fortification doesn't hurt.
 
Internet Companies nowadays rely on advertising, and user data is up for grabs, so privacy cannot be expected to be maintained online. Whether you choose to not use these services or not, as long as you are online, some online service is collecting data about you. For example, even if you are not a user of Facebook, its cookies embedded in just about every major website collects data about you, so when you create an account on Facebook, it already knows quite a bit about you.

Now, as for the novelty of this whole process, it is mostly about convenience. It is an improvement of two-factor authentication in that it only requires a notification to log in, whereas in two factor authentication, a code is sent and you need to enter it to confirm that it is really you. While in two factor authentication, the password is still an important facet of the process, in Google's new login methods, the password is not used at all. Instead of entering a password and then entering a code, you just enter your Email and you are logged in. Plus, there have been reports that two factor authentication is not as secure as it is hyped up to be (Source: http://krebsonsecurity.com/2012/06/attackers-target-weak-spots-in-2-factor-authentication/), which is why companies are looking for new login methods that are both more convenient and more secure.

For instance, two factor authentication is still affected by the security of the user's password, whereas Google's new login method somewhat bypasses that vulnerability (Even so, it is still not secure, because there's an option to enter a password. When the password is completely eliminated, that's when it will truly be a step up in terms of security over two factor authentication.). Google also has other login methods in the works, such as using inaudible sound to log in, which is actually novel and perhaps more secure than both. It is just a matter of these new technologies being adopted, and while we may never be completely secure, and our privacy is always up for grabs, a little fortification doesn't hurt.

Regarding privacy: It is about a company being transparent about what they collect, how they collect and what they do with it. There is a backlash against Google in some of the European countries for not living up to be a good corporate citizen. Once the privacy exposure is known for a reasonably savvy user then it is up to the person to deal with the tradeoffs of convenience and leakage of privacy.

I use Google Now and I know how they collect information and assist me. That is better than some other product which exposed information (one of their early forays in to social networking) that I never permitted them to broadcast. They quickly withdrew the product. The Google Glass tarnished Google's image (with coining of the term Glassholes of those using them) and they pulled them out of market.

Unlike in India, people in the west will kill a product's image if a company did not play fair with information they collect.

Two factor does not always mean that a code is sent that has to be entered. In fact in Microsoft implementation , they have an app that runs on all mobile platforms. The attempt to login to my microsoft account creates an alert in my phone and the app wants me to just tap an approval button. I still have to login to my phone (trust is transitive here) with my password for the phone. But tapping is all I have to do to send the code. Now Microsoft could very well eliminate the password to the account and will still satisfy the criteria for two factors - namely what you know (in this case password for the phone, account number ) and what you have (phone itself).
 
Status
Not open for further replies.

Latest ads

Back
Top