Going by the past year trends, entering passwords is not a safe way of surfing the net anymore. A stolen account due to phishing, hacking, social engineering, etc, is a common mishap these days. Google along with many other firms is attempting various solutions for such a menace and one of them is killing passwords and logging into respective accounts using their mobile devices.
In this process, the password-killing tool of Google is taking a cue from Yahoo, which through its security called Yahoo Account Key is linking the yahoo account to the mobile device and every time someone logs into their yahoo account in some other device a notification is sent on the mobile device. Earlier Yahoo transitioned account passwords into single-use SMS codes, and with Account Key concept Yahoo is attempting to get rid of them for better. Google for the time being with a smaller test program is also doing the same thing now.
So once a user’s mobile device is authorized, they can input their account details on any computer. Their mobile device should have some sort of screen lock safety feature, as unlocking the mobile phone is a prerequisite to denying or approving access to the user’s account with this feature. With this new login option, a notification appears on your mobile phone and login is approved by tapping “Yes”. And if they desire to, they have the option to log in with the regular password as well. Users are also educated how to deactivate a lost mobile device as well as how to add a new device if they happen to upgrade their mobile handset.
This step is the latest indication suggesting that this industry is taking users away from the traditional password-centric approach, however, it also suggests that the companies are still not confident how to replace them fully. The passwords are impossible to get rid of right now but keeping a tab on all the passwords can lead to chaos so the users switch to easy to use passwords like “Pizza” or “123456” or “password.” Leading to vulnerability due phishing attacks and breaching. Alvaro Bedoya, the executive director of Georgetown Law’s Center on Privacy & Technology said, “Right now it’s relatively convenient to have a simple password,” and adding “But as hacks increase and breaches proliferate, people are starting to realize that also may be dangerous.” So these measures of two-step authentication will surely increase security but now the users, on the other hand, are also finding this step as a source of additional hassle.
Biometrics is yet another prospective password alternative which can be explored, it uses physical characteristics like fingerprints (as done in i-phone brands) to prove who you are. New measures are being researched due to the issues with password protection as consumers are not very keen to always go through the additional steps in multi-factor verification methods.
Bedoya also said that people and companies should ponder with caution as before relying only on one type of authentication they should consider more factors as they come with their own risks.
“At the end of the day, the more factors you add – the more secure you are,” he added.