Passwords aren’t perfect — anyone who’s had to reset one after a data breach can tell you that. But neither are biometrics, and every other “password killer” has largely fallen flat.
Ask around, and security experts will tell you that passwords aren’t going anywhere any time soon.
Google knows this, too. With constant threats from hackers and scammers, and now even nation-state and government-backed attackers, the odds are stacked against Google users. Hackers only have to win once, and tech companies have to win every time.
Now, the search giant thinks it can stop even the most sophisticated of hackers. Instead of doing away with the password for good, the search giant wants to give at-risk accounts a whole new layer of protection.
Enter a physical key, one you can attach to your home and car keys (and another that you keep locked away as a backup).
These two keyfob-like devices, about $20 each, are at the heart of Google’s so-called Advanced Protection Program, which the company is betting on to keep its email accounts as secure as possible from hackers.
The keyring acts a lot like a physical key to your inbox. Whenever you log into your account, Google will prompt you to use the keyfob as a two-factor authentication device. Either plug it in as a USB key or push the Bluetooth button, and you’ll be granted access to your account.
And for the most part, that’s it. Log in, plug in, push a button, and you’re in. Even the toughest hackers will be powerless to access your account without your physical key, Google contends.
Here’s the catch. Although anyone can sign up to the program, Google’s plan is to first focus on accounts at risk of being targeted by sophisticated, state-sponsored hackers. So politicians, reporters and business leaders will be first in the queue, while others may have to wait a bit longer.