Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services.
The ad giant's security veep Eric Grosse and engineer Mayank Upadhyay have submitted the paper Authentication at Scale to the IEEE Security & Privacy Magazine; their central argument is that weak passwords are a bigger threat to online security than malware infection, hacker attacks or espionage. Passwords, as they stand, need to go, in the pair's opinion, but this process won't happen overnight:
In working to keep cloud computing users' data safe, we observe many threats - malware on the client, attacks on SSL, vulnerabilities in web applications, rogue insiders, espionage - but authentication related issues stand out amongst the biggest. When trying to help hundreds of millions of people from an unbelievable variety of endpoints, attitudes, and skill levels, what can possibly displace plain old passwords? No single thing, nothing overnight, and nothing perfect. A combination of risk-based checks, second-factor options, privacy-enhanced client certificates, and different forms of delegation is starting to find adoption towards making a discernible difference.
read more..........http://www.theregister.co.uk/2013/01/21/google_password_alternative/