[Cryptography] How Google's Physical Keys Will Protect Your Password
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Oct 30 19:42:41 EDT 2017
Viktor Dukhovni <cryptography at dukhovni.org> writes:
>> On Oct 30, 2017, at 4:08 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>>
>> Somewhat less snarkily, is there anything actually novel here, or is it just
>> really old news that's new again because the term "Google" is attached? I
>> can't see anything to get excited about. It's not even "Google's Keys", it's
>> someone else's stuff that Google has adopted.
>
>The real question is whether it gets widespread adoption. Often the real
>novelty is figuring out how to get things deployed in practice. Time will
>tell whether this effort to get beyond passwords will gain some traction.
I can't see how it will, given that Google is doing exactly the same thing
that every man and his wombat has already tried, and failed at. In particular
use by organisations [0] like banks and Paypal, where there's real financial
value at stake, has failed to gain any significant adoption after a 1-2
decades (does the Paypal security key, the physical device not the "our
security key is now a phone app", still exist? They seem to have removed most
mention of it, or redirect you to the app "security key").
Peter.
[0] By "use" I mean general public adoption, not "we require our employees to
use this, on pain of pain".
More information about the cryptography
mailing list