It is common for email passwords to be compromised and accounts hacked.
Google , as an adequate Security measure has a Tw Step verification now and millions are using it.
Google Engineers feel that this is not enough.
They feel that sensitive accounts may be protected better if a Hardware is Linked to the Computer/Laptops.
They are now testing a Hardware which probably would be integrated into the iPhone,smart phone.
They are also toying with the idea of a Ring with the code that would Link one to the Computer.laptop.
Their parameter is to use something that is both unique and is being carried by the individual.
Google is where it is because of innovations for convenience like this.
Google agrees. “Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay write in their paper.
Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.
They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts.
In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.
“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” the Googlers write.
The future may not exactly be password-free, but it will at be least free of those complex, hard-to-remember passwords, says Grosse. “We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he says, “but the primary authenticator will be a token like this or some equivalent piece of hardware.”
That means that if someone steals your card or your smart-ring, you’d better report it stolen pretty quickly.
Grosse and Upadhyay believe that once enough websites support this device-centric login technique, people mostly won’t need strong passwords, except in rare occasions — when they’re making significant changes to their account, for example.
But for Google’s password-liberation plan to really take off, they’re going to need other websites to play ball. “Others have tried similar approaches but achieved little success in the consumer world,” they write. “Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.”
So they’ve developed a (as yet unnamed) protocol for device-based authentication that they say is independent of Google, requires no special software to work — aside from a web browser that supports the login standard — and which prevents web sites from using this technology to track users.