Saturday, January 19, 2013

Google: Put a Ring on It

Google has just declared war.

Their opponent isn't Facebook, Microsoft, or Apple. They're not fighting a person or organization. They're not engaging in a litigious battle. Rather, their beef with a practice older than the Internet itself.

Google has made a stand against passwords.

2012 marked a rough year for Internet security. Popular sites such as Gmail, Yahoo, LinkedIn, and many others have experienced password breaches of thousands of user accounts.

Too many people are falling victim to online scams and phishing attempts. Too many people create overly simple passwords. Too many people reuse the same password for multiple accounts.

As a result, hackers are able to harvest user accounts like beets on a beet farm.

Google no longer believes that passwords are effective to keep users safe. One solution they offer is 2-step Verification for their accounts. Users who opt into this protection will receive verification codes on their phone via text message if they log into an unfamiliar computer.

This type of security is like locking an already locked door with a deadbolt. It won't protect you from highly skilled hackers, but it can protect you from phishers, keyloggers, and anybody who cracks your password. If you have a Google account, I would highly suggest activating this feature.

Eventually, Google wants users to unlock their accounts with a key. Literally.

Google's security team discusses a new form of web authentication involving a physical key in an upcoming volume of engineering journal IEEE Security & Privacy Magazine. This key will actually be a ring for users to wear on their finger. It will function as a transmitter to automatically send your login credentials to the computer when you touch the keyboard.

And we shall call it our precious...

While technological advances are exciting, we should still think critically about this revelation. Are passwords really a security measure of the past? What are the implications of a carrying piece of ID that can be scanned without our consent? What if we lose our ring? Is this a step away from Internet anonymity?

I've always been careful with my passwords and I've never dealt with a compromised account. Another security measure just adds an extra step between me and my account. Is more security worth my convenience?

I like Google, but I'm not sure if I want to put a ring on it yet.


  1. The realization that passwords are too easy to hack is overdue. But the ring is an odd way to have protection. I'll be interested to see where this goes.
    One thought I had while reading the article about Google's new idea was that people take off expensive rings to do certain things, like doing dishes or taking a shower. With one like this that would be technology based, it would definitely have to be taken off before showers or washing hands. This increases the risk of getting lost or stolen. And because this thing has ALL of your information, it would be super important. I am a very forgetful person, so simply forgetting to grab this before I leave the house could mean no access to my accounts. I'd like to know if they have a backup plan for us or what they were thinking for situations like this.

  2. PS, Ace, I appreciated your LOTR references ;)

  3. I personally would not be in favor of wearing a ring with all of my passwords. The two step process seems helpful, but I think general password education would be even more beneficial. Most people don't realize that you should make more complicated passwords. Fortunately my Dad is a big advocate of internet security for my family and I so my accounts have (I'd say) pretty complicated passwords.

    I use a program called Password Safe that you can store with all of your passwords. You then only have to remember one mega password to unlock the safe. Mine is long (but something I can remember), and I have found it to be very helpful. It seems to be a more digitized version of the One Ring.

    I too appreciated your LOTR references :)

  4. O lawd, that "And we shall call it our precious..." bit cracked me up.

  5. I have a question about this. Would the ring store all of your usernames as well as your passwords? I feel like, if the ring stored only your passwords, which could only be activated by going to the site you wish to log in to and entering your username, then it would be much safer compared to a device that just logged you into everything when you applied it and gave you free reign of the resulting site options (which is what it sounds like it is right now, if I'm not mistaken). It would be like a buffet not only for hackers, but for anyone who might happen to recognize a password ring sitting on the bathroom sink and pick it up. It could turn ordinary people into hackers.

    I also question, like Amanda, whether a ring would really be the best form for a password key to take. Like she said, it would have to be removed often, and has a high chance of being lost. Maybe something like a keychain or a bracelet would fare better. Better yet, maybe Google could offer a variety of forms, allowing the user to choose the best one for him/her.

    I think Google's onto something with this password ring idea, as it could really cut down on hacked accounts, but it's still naught but a fledgling. It needs some improvements, or rather, if you'll excuse my metaphor, to be taught to fly.

  6. First of all, I would not feel comfortable wearing a ring to log into Google, Facebook, etc. What would happen if you were to misplace your ring or if it was stolen. That could turn into it's own form of hacking, stealing a ring. I approve how they are trying to help their employers by creating a new system, but if someone wants to get into your computer that badly it will probably happen.

  7. I hardly consider myself a person who should wear a ring. I don't like how it makes my finger feel. So for me, I would almost detach myself from the idea of this kind of security. I love the idea of getting a notification every time I log on to a different computer. I should activate that immediately...

  8. I’m not going to lie, my first thought when I heard about this new idea of using a ring to verify your identity was that it sounded really cool, but upon thinking about it more critically I’m not sure it’s a good idea. Personally, I have had my email hacked before and it was an inconvenience, but not much more than that. I’ll be the first to admit that I do not keep my passwords very safe.

    The idea of having a ring to log in seems to be too much effort. Can’t we simply encourage people to change their passwords and make them difficult to guess? It seems more like a personal problem to me. If people don’t follow the proper security measures, then it’s their fault if they get hacked. Having a ring would just add a new dimension to it and make it more complicated. What if the ring was lost? That seems like a larger security problem especially if you use it to verify multiple accounts. What’s next a barcode tattoo with all our bank account information?

  9. What clever writing! I completly agree on what you're saying. It seems a little crazy to think of everyone wearing a ring that is for their technology. Won't hackers just learn how to scan - or steal those rings? How will we as humans be able to "unplug" from technology? Crazy world but great blog post.