[Cryptography] How Google's Physical Keys Will Protect Your Password
pgut001 at cs.auckland.ac.nz
Mon Oct 30 19:42:41 EDT 2017
Viktor Dukhovni <cryptography at dukhovni.org> writes:
>> On Oct 30, 2017, at 4:08 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Somewhat less snarkily, is there anything actually novel here, or is it just
>> really old news that's new again because the term "Google" is attached? I
>> can't see anything to get excited about. It's not even "Google's Keys", it's
>> someone else's stuff that Google has adopted.
>The real question is whether it gets widespread adoption. Often the real
>novelty is figuring out how to get things deployed in practice. Time will
>tell whether this effort to get beyond passwords will gain some traction.
I can't see how it will, given that Google is doing exactly the same thing
that every man and his wombat has already tried, and failed at. In particular
use by organisations  like banks and Paypal, where there's real financial
value at stake, has failed to gain any significant adoption after a 1-2
decades (does the Paypal security key, the physical device not the "our
security key is now a phone app", still exist? They seem to have removed most
mention of it, or redirect you to the app "security key").
 By "use" I mean general public adoption, not "we require our employees to
use this, on pain of pain".
More information about the cryptography