[Cryptography] How Google's Physical Keys Will Protect Your Password

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Oct 30 19:42:41 EDT 2017

Viktor Dukhovni <cryptography at dukhovni.org> writes:
>> On Oct 30, 2017, at 4:08 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Somewhat less snarkily, is there anything actually novel here, or is it just
>> really old news that's new again because the term "Google" is attached?  I
>> can't see anything to get excited about.  It's not even "Google's Keys", it's
>> someone else's stuff that Google has adopted.
>The real question is whether it gets widespread adoption.  Often the real
>novelty is figuring out how to get things deployed in practice.  Time will
>tell whether this effort to get beyond passwords will gain some traction.

I can't see how it will, given that Google is doing exactly the same thing
that every man and his wombat has already tried, and failed at.  In particular
use by organisations [0] like banks and Paypal, where there's real financial
value at stake, has failed to gain any significant adoption after a 1-2
decades (does the Paypal security key, the physical device not the "our
security key is now a phone app", still exist?  They seem to have removed most
mention of it, or redirect you to the app "security key").


[0] By "use" I mean general public adoption, not "we require our employees to
    use this, on pain of pain".

More information about the cryptography mailing list