infoTECH Feature

May 13, 2013

Google to Change Your Locks for You

For a while now, the password has been a bit of a formality, much like a chain link fence. It is a method of demarcating your private property from the public space, but is only a minor obstacle when it comes to actually keeping people out of your personal business. It’s a scary thing, too, considering just how much an eight-character passcode is supposed to protect. Access to a primary e-mail account can let a hacker easily harvest all of your other, more sensitive accounts, from banking and PayPal to a rare Twitter handle, even if they are protected with the most cleverly constructed passcodes.

Google recently unveiled a new five-year plan to get rid of the flimsy password system that connects users to the ever-expanding services the company provides. The company admits that the Google Account authentication process is vulnerable to exploitation of its forgotten-password functions.

The first step will be enforcing the two-step authentication process, in which entering a correct password triggers a text message to the user containing an access code. It’s thought of as more secure, and Twitter is in the process of implementing its own version. Google is through with being nice about it and is going to be much more militant in getting users to play by the company’s rules. This plan is not meant to make sign-in easier for the user, but rather the exact opposite. Increasing the friction of authentication is going to make information secure, and Google doesn’t mind if the trial of signing in annoys the end-user.

"We don't mind making it painful for users to sign into their device if they only have to do it once," said Google’s Eric Sachs, the group identity manager. The idea is to shift the user’s paradigm from sign-in to set-up. The current method at work in Google Accounts may make harsher authentication appear as a potential chore, with sign-in occurring in multiple steps. The final goal will be to have a Google Account set up on a set device, which will receive a cookie-like token, preventing the need for future authentication while using that device.

Inspired by what was learned through Android OS smartphones, Google will be applying novel schemes for secondary authentication that it hopes will eventually be impossible to phish. Ideas on the table include presenting users with a map and requiring them to point to the location from which they are signing in.

Using an example of a banking application that prompts a user to open up a complementary app on their smartphone and press a button in order to log in, Sachs has illustrated a future beyond the fence-like password system – one that is more like a digital home guarded by deadbolt locks and keys. Though it might annoy users who are reluctant to interact more with what they might think of as non-sensitive information, Google is making this choice for everyone in hopes that the future of the Internet will be a safer one.




Edited by Alisen Downey