Google Wants All Of Your User Names And Passwords

0 comments

Google is currently developing a new security platform called, U2F (Universal 2nd Factor). It is supposed to be similar to a USB device that syncs with Chrome to allow users to access Google services with just a PIN number. Personaly I think the concept is great, but am worried that because it is being championed by Google it will be come something geared towards more data harvesting. 

Based on security technology found in the smart card devices favored by the military, the YubiKey Neo can be thought of as a digital key. Your Google account is the lock; one that is configured on-the-fly to accept only the YubiKey Neo in your possession. Because the YubiKey Neo and Google’s Chrome browser will engage in secure public-key encryption when you log in, the user-generated password you’d normally enter along with your username can be reduced to a simple four-digit PIN. The username and PIN simply state your identity. The YubiKey Neo is what actually verifies it.

My biggest concern is Google's involvement in the FIDO (Fast IDentity Online) Alliance. By keeping their technology open source, and partnering with industry associations Google can grow their userbase like crazy while pulling in more and more data through the use of other devices and software. We saw this happen with both Chrome and Andriod.