Google Looks to Ditch Passwords

Google engineers are testing new tools that could replace passwords as the primary way of authenticating identity on the web. Google is currently running a pilot that uses a YubiKey cryptographic card developed by Yubico — a startup operated out of Sweden and the US, which has produced a two-factor authentication fob that can emit encrypted one-time passwords to NFC-enabled smartphones.

Google vice president of security Eric Grosse and engineer Mayank Upadhyay will detail the pilot — along with other ways people may be logging into websites in the future — in a research paper to be published in the IEEE Security and Privacy Magazine later this month. The pair does not imagine that passwords will completely disappear, but that they will have a less significant role in authenticating ID, playing second fiddle to smartphones or chip-embedded things as the primary authenticator.