Google understands that a human entered numerical and character based password will never be as secure as a physical item and for that reason the company is exploring physical item encryption options.
In a new research paper published by the company in the January issue of the IEEE Security & Privacy Magazine, Google suggests that requiring physical items for password entry could be the future of internet security.
One area Google is investigating would be the inclusion of embedded chips inside of smartphones. Since a majority of people now carry smartphones this would be the most obvious option. Google has also considered a ring that would be worn on the users finger.
The most prominent discussion is a YubiKey cryptographic card which automatically logs a user into their Google account when it is inserted into a computer’s USB drive. The card required a slightly modified version of Google Chrome but does not require password entire or software installs.
While Google already offers two-step authentication, the company realizes that phishing attempts from fake sites masquerading as part of the Google family have managed to steal authentication passwords from users.
The nice part about a physical pass device is that it could be used in conjunction with Google passwords, allowing for an extra layer of security. As more companies move towards Google managed email solutions the company could find itself selling physical security devices to clients, creating a new layer of profitability for its otherwise free and cheap enterprise level email services.
The real question will be whether or not Google account holders will be willing to sacrifice a little bit of convenience by being required to carry around a device that could break, leaving them without access to their Google account until a replacement can be sent.
Would you like to use a physical device to secure your Google account?
[Image via cryptomathic]