Google's 5-year security plan aims for a "painful" sign-in that only happens once per device

Google's 5-year security plan aims for a
There has been increasing chatter recently about the fact that passwords are simply not a very good option if you are really worried about keeping your data secure. Cracking techniques have gotten to the point that it doesn't much matter how long or how many special characters you use. Users tend to find two-step authentication a more secure, but more cumbersome option. And, a new document hints at Google's 5-year security plan, which looks past the current options.

The document makes it sound like Google wants to make two-step authentication the rule rather than the exception. Eric Sachs, group product manager for identity at Google, gives a the essence of Google's security plan: 
Sachs went on to say that at the start of Google's last 5-year plan (2008), the company didn't predict the level of smartphone adoption that we've seen. Of course, at that time, the iPhone was still relatively new, and the G1 wouldn't be out until later in 2008. Sachs says that the new 5-year plan sees using mobile hardware and apps as a point of friction for logging in makes much more sense. 

Sachs says that the device makes sense as the focal point. He mentioned that Google is working on a "God-level OAuth token" that would live at the system level of your smartphone and control access within apps and the browser. He also said that Google is looking into options like biometrics and NFC as a way to identify yourself and have one device authorize another. Ultimately, Google "would prefer for a user to authorize a new device by having an existing device talk to it via a cryptographic protocol that cannot be phished."

There's no word on when the changes will start, but as we've seen in the last 5 years, quite a lot can change in that span of time. 

source: Google via ZDNet



1. phonemonkey

Posts: 168; Member since: Feb 13, 2012

what if i yank your phone after you unlock it for that day?

2. blingblingthing

Posts: 980; Member since: Oct 23, 2012

There should be password on it.

3. Jphones

Posts: 259; Member since: Feb 10, 2012

There would be a device you carry with you and your phone. Like a nfc chip on your key chain that links with your phone to unlock it. So if someone ever stole your phone they couldn't unlock it because they dont have the other chip.

4. protozeloz

Posts: 5396; Member since: Sep 16, 2010

That could be a problem for two things 1. What if the thief steals both? 2. What if you forget your chip? I think fingerprints or other methods would be better

5. juanyunis

Posts: 73; Member since: Aug 31, 2012

What if someone cuts your finger or fingerprint, lol i'm just kidding, but yeah you are right about other methods.

6. JusMePnut

Posts: 31; Member since: Apr 23, 2012

Now that sounds like a good idea! *not the finger tidbit lol

7. megadirk

Posts: 33; Member since: Jul 28, 2011

As long as the whole screen registers as a biometric scanner and is an instantaneous unlock, then I'm fine with that. It will also have to work through gloves.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.