[Cryptography] How Google's Physical Keys Will Protect Your Password

Jerry Leichter leichter at lrw.com
Wed Nov 1 19:34:49 EDT 2017 

>> The real question is whether it gets widespread adoption.  Often the real
>> novelty is figuring out how to get things deployed in practice.  Time will
>> tell whether this effort to get beyond passwords will gain some traction.
> 
> I can't see how it will, given that Google is doing exactly the same thing
> that every man and his wombat has already tried, and failed at.  In particular
> use by organisations [0] like banks and Paypal, where there's real financial
> value at stake, has failed to gain any significant adoption after a 1-2
> decades ...
Well, there is an exception - because they came at it from a different direction:  Apple.  Apple started of with Apple Pay, now very widely accepted by both providers and users and growing continuously.  More to the point - the underlying biometric authentication technology, which so far is used for Apple Pay and a couple of other things having mainly to do with payments (e.g., iTunes purchases) - but this is starting to shift.

It's possible for web sites to accept Apple Pay.  Current MacBook Pro's already allow unlock/login using the same fingerprint technology.

And of course the latest generation of Apple watches can already authorize Apple Pay payments and unlock your Mac.  If you already have an appropriately-capable watch on your wrist, why both to also carry around a Yubikey or similar device?

Apple could turn this around any time and provide a generic service.  If a web site accepts payments through Apple Pay - why not use the same mechanism for logging in to begin with?

We've had a number of attempts by companies to be the central authenticator for the Internet.  Google and Facebook have tried to get there; neither gained much traction.  I can see Apple heading that way - and unlike the others, Apple prefers to take a slow, steady approach:  Wait for the necessary technology to mature; provide a few basic but compelling uses; wait for a critical mass of users to join the ecosystem - then take the big leap, from a point so far ahead of others that they are instantly left with a huge catch-up job.

Exactly what plans Apple has in this direction, no one by Apple knows of course - but I'd guess we're getting close to seeing them revealed.

                                                        -- Jerry

More information about the cryptography mailing list