Google's new security protocol sounds great, but let's ditch the rings

By Nathaniel Mott, written on January 18, 2013

Security and convenience are in a constant struggle. Triple-encrypting your documents might prevent them from being stolen or viewed by prying eyes, but it also makes it more frustrating if you want to make a quick edit or double-check to make sure they're unchanged. By the same token, leaving a device without a password or allowing a website to store information might save time but also makes it easier for the wrong people to get at your goods.

A new initiative from Google is making the rounds with promises to make things both more convenient and more secure. The company has modified its Chrome Web browser to support the YubiKey -- and, in the future, other physical objects -- and allow anyone with access to the device to sign into their Google accounts. In a sense, these devices would use a physical key to unlock a digital world.

Great! Now we won't get hacked like Mat Honan did, right? Well, sure. But the system has enough problems that it's unlikely to take off any time soon, just like every other attempt to streamline security.

Let's deal with the problem unique to these tiny keys first: People forget things. They lose them. Who knows how many pens, keys, and other itty-bitty tools have been forgotten in couch cushions, in cars or subways, or on the street? If someone can forget the keys that allow them to get into their physical home to escape the elements and, you know, eat, what's to say that they won't forget the keys that allow them access to their digital lives?

It only takes one of these "keys" mistakenly making its way into a pool or a washing machine before someone says "fuck this" and starts begging for passwords again. As easy as it is to forget a password, especially if it's an appropriately complex series of alphanumerical characters, it seems to be easier to forget something that people can actually touch and feel.

The solution? Smartphones. Someone may forget a watch or some additional dongle, but smartphones are often within arm's reach of most users. As much as we'd like to think that wearable computing is the future, what with all of the suddenly "intelligent" glasses and watches and what-have-you, the smartest solution currently resides in our pockets.

Even if people manage to hold onto their "keys," however, there's another problem, albeit one that Google has already acknowledged and is trying to address: ubiquity. If these "keys" can't allow access to every website or service someone wants to use, the format is pretty much dead in the water. Why switch to a physical key for some services and passwords for others?

Thankfully, Google is working to solve that problem as well. The company has developed a protocol, which Wired reports as unnamed, that would allow other platform providers to bake device-based authentication into their own services and solutions. If a bit player in the industry were attempting this, it would be a blip on the radar -- since it's Google, operator of the most popular search engine and a massively popular browser, it's worth noting.

Will we be unlocking our digital lives via our smartphones or -- fashion be damned -- rings or other itty-bitty tools any time soon? It's hard to tell. Some tools, like Keycard, already use a rudimentary form of this concept to unlock a computer when a paired smartphone comes within range. Others, like 1Password, have tried to convince people that it's okay to not know their own login credentials, so long as they can access the information they want to access.

Our smartphones will likely become the "brains" of our entire digital lives. If anyone can facilitate that switch, it's Google, but it's fighting one hell of an uphill battle.

[Image via husin.sani but originally by Arnie Levin for the New Yorker]