Msg#: 4572733 posted 4:03 pm on May 10, 2013 (gmt 0)
This looks like a device will be tied much tighter into Google's infrastructure. I accept it from an security point of view, but I fear it'll allow for much closer profile tracking.
Google unveiled on Wednesday a five-year roadmap for stronger consumer authentication tagging smartphones, long-life tokens, and futurist schemes to harden access controls while striking an unapologetic tone toward users who resist the change.
The plan will ultimately change Google's login system by breaking today's pattern that has end-users signing in over and over. In it's place, Google will install strong authentication on a device such as a smartphone when it is setup.
A complex authentication code will replace the password and allow the device to identify itself, its user, participate in complex authentication flows, and recognize usage patterns that signal attacks.
"We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users," said Eric Sachs, group product manager for identity at Google. "We don't mind making it painful for users to sign into their device if they only have to do it once."Google's Roadmap To Significantly Stronger User Authentication [zdnet.com]