After a streak of hackings over the past few years, Google is testing a new way of making accounts safer by replacing passwords with hardware tokens.
Although the technology is not expected to be available for a couple of years, analysts say this could be the most tactical move that the company has taken against hackers.
Kaspersky Lab’s chief malware expert Alex Gostev, however, says such a move would be restrictive, especially to users, as it would limit them from checking emails on several devices, such as at cyber cafes or other people’s computers.
“Tokens like these are widely used on corporate networks, but using them to safeguard a free online mail account is excessive. It’s not the most convenient solution for users because it restricts their ability to check mail on any device, say at a friend’s or an internet café,” Gostev said.
He added that although attacks have become rife in the past months, there are other ways to keep out hackers without such radical steps as the two-factor authentication already being used by Google.
Under the two-step authentication process, Google sends a one-time code to consumers via SMS that can be used in addition to the password, making it harder for hackers to get into users’ accounts.
“It is not yet Google’s stated intention to replace passwords with some other form of authentication, some of the company’s employees simply wanted to see how secure different authentication systems could be and USB tokens were among those they tried out,” Gostev said.
“It’s more like a bit of research, though it’s not really clear how applicable it is for Google’s own services.”
For now, passwords are here to stay, even with the recent statistics indicating that hackers could take justseconds to penetrate the defences of most accounts in 2013.
