We are all used to passwords as the de-facto authentication..recent news is suggesting its time may be up
Heather Adkins, Google’s manager of information security, has recently mentioned that in the future, the “game is over for” any startup that relies on passwords as its chief method to secure users and their data.
She also said that “our relationship with passwords are done,” and that “passwords are done at Google.”
She talked briefly about Google’s use of two-step authentication and the fact that the search giant has been working to innovate in the area of non-standard password security. As a result, she said, any startup that still relies on standard passwords needs to ensure that it has an abuse team set up to deal “with customers getting compromised.”
Although Adkins didn’t offer any real specifics on how Google will innovate beyond today’s security, she did say the company is experimenting with hardware-based tokens as well as a Motorola-created system that authenticates users by having them touch a device to something embedded, or held, in their own clothing. “A hacker can’t steal that from you,” she said.
Adkins pointed out that hackers intent on making money from their bad acts had consistently found ways to exploit Google users who had yet to turn on two-factor authentication. Essentially, she explained, hackers were able to get into such users’ accounts, turn on two-factor authentication themselves, and lock the users out before utilizing those accounts to send spam. “They are finding new ways to make money off it,” she said. “Ways we hadn’t anticipated.”
Read the full story at https://news.cnet.com/8301-1009_3-57602286-83/google-security-exec-passwords-are-dead/
So that brings us to the next question..After passwords, what next. The truth is that inspite of developments in authentication technology like hardware tokens, two factor authentication etc passwords still remain the most easily administered and deployed technology of authentication. So for any new cross over technology to become popular, it must be easy to register and administer as the humble password. Till the bridge is crossed probably passwords are here to stay.