Top Google bods are mulling over using cryptographic finger-ring gadgets and other ways for users to securely log into websites and other services. The ad giant's security veep Eric Grosse and engineer Mayank Upadhyay have submitted the paper Authentication at Scale to the IEEE Security & Privacy Magazine; their central argument …
This magical ring will work on my Android tablet too ? oh no, Google designed it without a USB port
Google haven't really designed the tablets, some are LG, some ASUS, IIRC. Many Android devices do have a USB host port, disguised as the standard microUSB port- that's why microUSB has 5 pins instead of USB A's 4: shorting the extra pin to ground tells the tablet to act as a host, so that thumb sticks, card readers and keyboards can be plugged in. See USB OTG
That said, one of the LG-built Nexus devices won't do it all, another needs persuasion.
One Ring to find them,
One Ring to bring them all, And in the darkness bind them.
Plus-one to the author for using the term "criminal hackers".
Another plus-one for the subtitle..
SMS code = good. Google Authenticator app = better.
If you use Google apps then you really should put the Google Authenticator app onto your smart phone, and then you'll still be able to 2-step authenticate when you don't have mobile signal. Does everyone here know about this already? I've been using this for over a year now, and while still not perfect I feel much safer than the rest of the crowd.
Re: SMS code = good. Google Authenticator app = better.
I was wondering why the writer of this piece hadn't mentioned the App which already provides a time limited code.
Same here I have been using it for about a year, after looking at my Google dashboard and everything it's collected about me I think it would be madness not to have a 2 step auth on my account (of course some would say it madness letting Google have all that info in the first place and it's only of use to advertisers which I ignore/miss anyway). Of course the whole issue of if my phone gets stolen or lost is still there but I've made sure I have remote wipe enabled/available.
Re: SMS code = good. Google Authenticator app = better.
I keep some backup codes in my wallet so I don't need to have a functioning phone at all.
Let them have one finger...
...and they will take your whole hand.
Re: Let them have one finger...
"..and they will take your whole hand."
If you used pseudo-random number generator you would have no such troubles. But noooo, they always have to find a way to spy on people or something, be it their personal cell phone number, distinctive ring...
I don't know...
I think it's definitely a step forward from easy-to-guess passwords, and passwords used across multiple sites...
I'm not naive enough to suggest that it's the ultimate solution, but I can see those things, potentially in a number of form factors (e.g., finger ring as suggested in the article, key fob, USB stick, etc.), being a solution.
I could potentially see this being the killer app for NFC that everybody has been waiting for -- not pay-by-bonk, but login-by-bonk; NFC receiver in your phone / laptop / PC keyboard / mouse, and when you need to login, just bonk.
If you incorporated it into a keyboard or mouse, you could simply replace your old one, and not have another piece or USB gadget to connect to your laptop / PC.
Re: I don't know...
Hey Otto, good news - that's exactly what we have developed at Hoverkey and we're very glad that people are starting to realise the what a great idea it is to authenticate on a mobile device via NFC! And it's all done with proper crypto & stuff. Now if we can just get Google's attention...
How many rings to rule them all?
One for each board member
So, that is the LOTR joke settled
Sorry, couldn't resist
Mine is the one with the three volume edition
Quite a few people never wear rings to prevent nasty machinery ripping your fingers off.
So that would be most engineers.
Finger print scanner or face recognition might work in a similar fashion if a tad less than 100% reliable first time but at least you wont forget those on your way out the door.
finger in the pie
for google, like with self-driving cars. Why haven't they patented the idea yet? Or is it, that a ring, for being round-cornered, pretty much everywhere, has been patented by you-know-who already?
Or is the the folks who made that Tolkien movie about 3 rings or something?
The end of anonymous internetting?
Is this Google trying to bring about the end of anonymous surfing/blogging etc?
I think this is a dangerous road to go down, especially if you live in a country where the government makes you disappear for your political views.
I dont like what Google have been doing these last few years.
Kinda like how Microsoft REALLY wants you to log into your Windows 8 PC with your Microsoft LIVE account? Don't think so. I'm happy with system authentication on my PC, Mac, Phone, and Tablet at present. Won't be signing up for this "ring on the finger" nonsense. It's daft. Criminals will just steal your ring to get your identity. Haven't these geniuses even figured that out??
Not good enough
I want a ring like that of Ming The Merciless, that generates earthquakes, tidal waves and - er - hot hail on obscure planets in the SK system. Or just Dunstable, I'm easy.
If the idea of Google's ring on your finger seems iffy, just wait until the Internet of Things gets to personal health monitors, with all that yummy data. Google won't be able to resist; we can tell you your diet's crap 'cos we've got our finger on your ring...
A great* philosopher and poet once said...
It's just a ring on your finger,
when there's time on your hands.
*- for some small values of "great"
To close your Google account...
all you have to do is travel to Mordor and toss the ring into a volcano.