Once again, Google is blazing a new technology path, not necessarily by innovating, but by having the size and influence to make change happen in an industry that seems at times to get stuck in a vicious circle. In this particular case, technology has been navel-gazing on the password issue for years despite having the solution in hand decades ago: multi-factor authentication. In its most simplistic and well known form, you have probably been using two-factor MFA for years without even realizing it: your ATM card and PIN. In MFA terms, this is “something you have” (your ATM card) and “something you know” (your PIN). Without both present, authentication doesn’t happen.
Using its thousands of employees as guinea pigs since early 2013, Google is testing a technology platform it plans on releasing in 2014 based on MFA. The “something you have” in this case is a small USB FOB that is paired with your user login and a simple 4-digit PIN (“things that you know”) that authenticates you on a computer or an NFC-capable mobile device. If this sounds familiar, it may be because this device I wrote about previously does essentially the same thing. Instead of having to remember a bunch of different passwords, whenever you needed to prove who you are on the web or in an app, you could plug in your Yubikey (or tap your Nymi!) and viola, “Identity Verified!”
What this means for you:
The Yubikey Neo isn’t available yet, and Google hasn’t given a firm date as to when it will be available other than “2014”. Also, the utility of the device is highly dependent on a wide variety of services adopting the authentication platform, so even if they made it available as early as next month, you may find it to be somewhat useless until your favorite providers implement the technology, if they do at all. If you want to show your support for the death of the password, you may want to jump on the Nymi bandwagon, as even if the product never gets widely adopted, you can still accessorize with a wearable conversation-piece!
