Network account and password always let us Touyunnaozhang to you not also have been looking forward to a more simple way to log your network account? If you only need to think about through the hands of the ring light touch computer will be able to complete the login that nice!
Now our desire to finally be able to be close to. Recently, Eric (Eric Grosse), Gross, vice president of Google security team security and safety engineers the Mai Yena · 阿帕德 (Mayanl Upadhyay) magazine this security and privacy in the IEEE (American Institute of Electrical and Electronic Engineers) the end of the month to be published soon in a new research paper, people may use some of the new Web site login method. This includes Ring authentication technology, the article just mentioned that all of these methods to practical problems are only a matter of time.
2012, it seems that the traditional secret security sign is completed. This year, almost everyone will be received on the Internet and sent spam e-mail account was hacked or deceive funds information (such as looting in London ... scam).
In August last year, "Wired" magazine journalist Mat Honan account black events is enough to illustrate how hackers lethal. That incident, the hacker deleted Mat Honan Gmail account, its Twitter account, and use its Twitter account to release some racist remarks.In addition, hackers remote control to delete the e-mail and photo of the whole yearHonan's iPhone , iPad and laptop valuable. The hackers erased almost all digital data Honan. The incident caused widespread concern.
The password is a cheap and simple authentication method for network users, but its security for today's Internet is not enough. Of course, the future is the same.
"Gross and wrote in their paper:" with many other peers in the industry, we feel that the simple bearer token, such as passwords, and cookies not enough to guarantee the safety of the user. "
Therefore, they are trying a new password alternative methods, which include a small Yubico secret security card, users simply this secret security card into the computer's USB interface that can automatically complete the Google browser login. In particular, they improve Google web browser to apply these secret security card. Once the browser supports, the user does not need to download any additional software to use the validation method.Users log on to the site, into the USB secret security card, and then click the mouse to complete the login.
They said there will be a similar Yubico key equipment or direct use of smart phones to authenticate the user like using the car keys to open the webmail or online account. They hope that the future of these devices as simple as possible, and may use a wireless connection to the computer.
They wrote: "We hope to complete the certification rings touch the computer through the use of smart phones or embedded smart card may not have a network connection to the case, even on the phone can still complete.
"In the future, we may not be completely would give up the password, but at least no longer is a complex, hard-to-remember passwords," Gross said, "we must have some form of screen unlock method, perhaps a password or other thing, but the use of tokens or similar hardware will undoubtedly become a mainstream way. "This also means that if the secret security card or embedded smart card ring lost, the user needs to promptly report the loss.
The Gross and that, once a sufficient number of sites to support this hardware Log in technology, except in a very few cases, such as the need for major changes in their account, people no longer need to use a variety of complex password.
However the Google password liberation plan in order to really be implemented, but also need the support of other sites. They wrote in the article: "had some people in the consumer area the implementation of a similar approach, but with little success. Know before been generally accepted, our plan will certainly be questioned, so we desire its common with other websites test. "
To this end, they have developed an independent Google Chrome hardware-based authentication protocol (currently, has not yet disclosed). In addition to the the Support Login standard web browser without additional software, so you can also prevent web site using this technology to track user information.