[Cryptography] How Google's Physical Keys Will Protect Your Password

Viktor Dukhovni cryptography at dukhovni.org
Mon Oct 30 21:23:19 EDT 2017

> On Oct 30, 2017, at 7:42 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> The real question is whether it gets widespread adoption.  Often the real
>> novelty is figuring out how to get things deployed in practice.  Time will
>> tell whether this effort to get beyond passwords will gain some traction.
> I can't see how it will, given that Google is doing exactly the same thing
> that every man and his wombat has already tried, and failed at.  In particular
> use by organisations [0] like banks and Paypal, where there's real financial
> value at stake, has failed to gain any significant adoption after 1-2
> decades (does the Paypal security key, the physical device not the "our
> security key is now a phone app", still exist?  They seem to have removed most
> mention of it, or redirect you to the app "security key").

Indeed it is far from clear they'll succeed, but they may have an
advantage of scale that the other organizations may not have had.
Controlling half the planet's email, and the software of half of
the planet's mobile devices, could just make it possible, even if
most likely still doomed to fail to make a difference (at scale).


