x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Google's 5-year security plan aims for a "painful" sign-in that only happens once per device

Google's 5-year security plan aims for a "painful" sign-in that only happens once per device

Posted: , by Michael H.

Tags :

Google's 5-year security plan aims for a
There has been increasing chatter recently about the fact that passwords are simply not a very good option if you are really worried about keeping your data secure. Cracking techniques have gotten to the point that it doesn't much matter how long or how many special characters you use. Users tend to find two-step authentication a more secure, but more cumbersome option. And, a new document hints at Google's 5-year security plan, which looks past the current options.

The document makes it sound like Google wants to make two-step authentication the rule rather than the exception. Eric Sachs, group product manager for identity at Google, gives a the essence of Google's security plan: 
We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users. We don't mind making it painful for users to sign into their device if they only have to do it once.
Sachs went on to say that at the start of Google's last 5-year plan (2008), the company didn't predict the level of smartphone adoption that we've seen. Of course, at that time, the iPhone was still relatively new, and the G1 wouldn't be out until later in 2008. Sachs says that the new 5-year plan sees using mobile hardware and apps as a point of friction for logging in makes much more sense. 

Sachs says that the device makes sense as the focal point. He mentioned that Google is working on a "God-level OAuth token" that would live at the system level of your smartphone and control access within apps and the browser. He also said that Google is looking into options like biometrics and NFC as a way to identify yourself and have one device authorize another. Ultimately, Google "would prefer for a user to authorize a new device by having an existing device talk to it via a cryptographic protocol that cannot be phished."

There's no word on when the changes will start, but as we've seen in the last 5 years, quite a lot can change in that span of time. 

source: Google via ZDNet

  • Options

posted on 10 May 2013, 15:37

1. phonemonkey (Posts: 168; Member since: 13 Feb 2012)

what if i yank your phone after you unlock it for that day?

posted on 10 May 2013, 15:48

2. blingblingthing (Posts: 570; Member since: 23 Oct 2012)

There should be password on it.

posted on 10 May 2013, 15:58 1

3. Jphones (Posts: 235; Member since: 10 Feb 2012)

There would be a device you carry with you and your phone. Like a nfc chip on your key chain that links with your phone to unlock it. So if someone ever stole your phone they couldn't unlock it because they dont have the other chip.

posted on 10 May 2013, 16:04 2

4. protozeloz (Posts: 5396; Member since: 16 Sep 2010)

That could be a problem for two things

1. What if the thief steals both?
2. What if you forget your chip?

I think fingerprints or other methods would be better

posted on 10 May 2013, 20:12

5. juanyunis (Posts: 73; Member since: 31 Aug 2012)

What if someone cuts your finger or fingerprint, lol i'm just kidding, but yeah you are right about other methods.

posted on 10 May 2013, 20:38

6. JusMePnut (Posts: 31; Member since: 23 Apr 2012)

Now that sounds like a good idea!

*not the finger tidbit lol

posted on 11 May 2013, 12:19

7. megadirk (Posts: 33; Member since: 28 Jul 2011)

As long as the whole screen registers as a biometric scanner and is an instantaneous unlock, then I'm fine with that. It will also have to work through gloves.

Want to comment? Please login or register.

Latest stories