Hardly a day goes by that some high-profile person -- along with countless people of lower profile -- has an account hacked. Weak password, stolen password, non-existent password -- whatever the cause, breaking into our digital lives is easy and getting easier.
That's why Google says passwords are no longer the best solution for sensitive accounts. "We contend that security and usability problems are intractable," write Google's Eric Grosse and Mayank Upadhyay, in an article to be published later this month in IEEE Security & Privacy. "It's time to give up on elaborate password rules and look for something better."
One idea: a ring that authenticates a user's identity so a password doesn't have to.
As first reported by Wired, "something better" will likely involve hardware. Google has already made a significant foray into this arena with two-step verification, which combines something the user knows (a password) with something the user has (a single-use code, sent to a smartphone connected to the account). The paper says that "millions" use two-step verification, and that it's among the largest services of its kind in the world.