By Stewart Tongue

YNOT – One of the worst-kept secrets in tech circles is that passwords no longer are capable of providing security on any level, regardless their length or alphanumeric complexity. As computers become more powerful and hackers more adept, the idea that an end-user’s most private, personal and important information can be protected by a string of characters no longer makes sense.

Google Vice President of Security Eric Grosse and engineer Mayank Upadhyay outline the problem and some potential solutions in a new research paper published late this month in the engineering journal IEEE Security & Privacy.

“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay wrote in the article. “We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity.”

The Google team does not predict the complete demise of passwords but instead sees them quickly becoming a secondary aspect of information security.

“We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” they noted. “[B]ut the primary authenticator will be a token like [smartphones or smartcards] or some equivalent piece of hardware.”

Recent media coverage of countless security attacks and information hacks, along with the nearly endless examples of cyber-criminals overcoming the increasingly smaller obstacle represented by passwords, have made new methods of security imperative, the pair argued. Grosse and Upadhyay mentioned Google already has developed a protocol for device-based authentication: The system is independent of Google and requires no special software or downloads to work. In order to see any kind of widespread adoption, though, browser manufacturers must buy into the idea and code the login standard into their products. That could be a tough sell with Microsoft, Apple and Mozilla, all of whom view Google’s Chrome browser — the only browser adapted for the standard so far — as an unfriendly competitor.

Still, the concept bears broader implications. Some experts suggest hardware tokens could pave paths to more reliable means of age verification, as well. A development of that nature could represent a boon for the adult entertainment industry, especially in countries like the UK, where adult websites no longer are allowed to accept credit cards as indication of a consumer’s majority.