Google enhances, simplifies two-step authentication with physical USB Security Key

By Shawn Knight
Oct 21, 2014
  1. Google has simplified and beefed up its two-factor authentication implementation by adding support for Security Key. With it, security-sensitive individuals can purchase a physical USB stick from a third-party that can be used to verify your identity when logging into...

  2. hitoshianatomi TS Rookie

    The two-factor authentication, though not a silver bullet, could be reliable when it comes with a reliable password. 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

    Using a strong password does help a lot even against the attack of cracking the stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords. We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
  3. Ok, but what about the government's backdoor?
  4. Kibaruk TechSpot Paladin Posts: 2,408 +464

    I present you a "solution": make a random list of characters in a grid, for example a 10 by 5, then in your head create an "algorithm" that will give you a password based on that grid and the service you use it in. You can use a password manager like KeePass or whatever to easily access them from your computer or pendrive or whatever, and when you don't have that option you can easily check your grid and "decipher" it.

    If someone else looks at the grid it will mean nothing, and without your mental process or algorithm it's difficult for someone to crack it.

    Then to the words add a couple of randomized characters, so that someone who gets 3-4-5 passwords out of you (for example) AND the grid won't get to make a pattern either.

    I'm not sure if it helps someone, but it's been a good system for me, I have unique passwords for almost all my accounts that I can't remember but can easily come up with without having to worry about someone else looking through my passwords.
  5. The only problem with this is that people lose USB drives all the time, which will pose a problem the next time they try to log in and can't find their device.
