14 votes

A future without passwords

14 comments

  1. [6]
    joplin
    Link
    On the surface this sounds like a good idea, and I applaud Google for trying to find solutions to the problems that passwords present. Unfortunately, I think this is leading to a world where any...
    • Exemplary

    On the surface this sounds like a good idea, and I applaud Google for trying to find solutions to the problems that passwords present. Unfortunately, I think this is leading to a world where any small deviation from their prescribed use scenarios will result in catastrophic failure for the user. I've had a few things like this happen to me recently.

    Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in.

    And if I need to access my account when I don't have my phone on me? Then what?

    We are also building advanced security technologies into devices to make this multi-factor authentication seamless and even more secure than a password. For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication.

    And if users aren't using an Android or iOS device, then what?

    We’ve recently launched our new Password Import feature which allows people to easily upload up to 1,000 passwords at a time from various third party sites into our Password Manager (for free).

    (for free*)

    Also, I don't really trust the employees of Google (or any other company) not to compromise my data. I mean most of them are probably trustworthy, and I'm sure they have strong procedures in place to prevent it, but these sorts of things have happened before.

    Also, this seems like a way to get users to migrate away from using their preferred password managers and being locked in to using Google's. I can see how that benefits Google.

    I recently had 2 experiences that have soured me on these sorts of solutions. The first was with Apple's ecosystem. I was logged into a machine at work and wanted to get something remotely from an Apple-related account. I tried to log in from the remote machine, but because it wasn't my machine, and isn't listed in my trusted machines, Apple wouldn't let me access it. It was fine in this case because I could download it to my home machine and copy it over to a work machine, but what if I didn't have that option? I'll admit it keeps my data safe, but it also keeps it inaccessible to me in some fairly standard situations.

    The second was with my bank. I attempted to login to my banking app on my phone. It prompted me to enter my new debit card number. I hadn't gotten a new debit card, but there was some fraud on my credit card from the same bank and they sent me a new one the previous week. So I assumed that's what they meant. After entering the information and having it rejected they warned me that I only have 3 tries to get it right before my account would be locked. They had a phone number to call and an error code to give the person on the phone, so I opted to do that instead, since I didn't want to risk locking my account. In the meantime, I went to the website to see if I could login that way. I was greeted with a similar (and also broken) flow that wouldn't let me do anything until I entered my new debit card info. On the call, the person on the phone told me my debit card had expired. I grabbed the physical card, which I almost never use, and sure enough it was expired last month. The bank never informed me or sent me a new one. They said they'd FedEx me a new one overnight. (It just arrived today.) In the meantime, I was unable to access my accounts so I couldn't do any banking. They suggested going to my local branch, which is closed because of the pandemic. I literally could do no banking other than checking my balance by phone for the last 24 hours. It turns out that if you don't have an active debit card associated with your internet account, you can't do any online banking with this bank. Despite having thousands of dollars in the account, and having been with them for decades, they could not help me. Luckily I didn't have anything urgent to do.

    30 votes
    1. [5]
      papasquat
      Link Parent
      This is increasingly becoming a problem with all technology, not just security. A lot of technology is specifically designed for people who live in large, metropolitan cities with constant,...

      I think this is leading to a world where any small deviation from their prescribed use scenarios will result in catastrophic failure for the user. I've had a few things like this happen to me recently.

      This is increasingly becoming a problem with all technology, not just security. A lot of technology is specifically designed for people who live in large, metropolitan cities with constant, reliable data connections; namely NY, SF, or LA. If you're not in one of those places, your technology products will be noticeably worse. Your data connection that your device just assumes will always be present will go out sometimes. The thousands of people that these products assume are around you at all times won't be there, and things like piggybacking off of other people's bluetooth connections won't work properly for you. Maps and all of the embedded geospacial data that goes along with them won't be as good and apps assume that they're perfect 100% of the time.

      The issue is that the people who design this technology live in those places, and most people who use the technology do not. It makes these products very brittle and fragile, and leads to a horrible experience for a lot of people.

      Why don't phones have P2P technology that enables them to be used more like direct connection walkie talkies when cell service isn't available? Won't don't they have more fallback modes that enable data connections to reach out further at lower data rates? Why don't more apps let you cache data when you're not near a cell signal? Probably because the people who these things are designed and tested by don't value those things.

      15 votes
      1. Micycle_the_Bichael
        Link Parent
        @joplin and I had another great conversation around a similar issue with the MBTA in NYC over on the post about Is it ethical for services to exclude those without internet access for anyone...

        @joplin and I had another great conversation around a similar issue with the MBTA in NYC over on the post about Is it ethical for services to exclude those without internet access for anyone curious about how these cut not only along city-vs-rural lines but also across class. Though I don't want to imply that those things are totally unrelated, because there is a degree of relations between the two.

        6 votes
      2. [2]
        teaearlgraycold
        Link Parent
        To be fair - caching is something that every developer will avoid whenever possible. Even if they would personally benefit from it as a user of their own app they may prefer to not deal with the...

        Why don't more apps let you cache data when you're not near a cell signal?

        To be fair - caching is something that every developer will avoid whenever possible. Even if they would personally benefit from it as a user of their own app they may prefer to not deal with the inevitable bugs.

        5 votes
        1. Omnicrola
          Link Parent
          As one of my favorite jokes goes: "There are only two hard problems in computer science. Naming things, cache invalidation, and off by one errors."

          As one of my favorite jokes goes:

          "There are only two hard problems in computer science. Naming things, cache invalidation, and off by one errors."

          9 votes
      3. skybrian
        Link Parent
        I've just been traveling and I'm pretty happy with how my phone has dealt with surprisingly poor Internet at a hotel. Basic communication like email and texts work quite well. Google Maps works...

        I've just been traveling and I'm pretty happy with how my phone has dealt with surprisingly poor Internet at a hotel. Basic communication like email and texts work quite well.

        Google Maps works well offline, automatically caching your home region. You won't get real-time traffic, but why would you expect that offline?

        It could be a bit better by anticipating where you're traveling and caching ahead of time, but you can do that manually. (I didn't bother but my wife did.)

        If you search for p2p apps for cell phones, there are a wide variety of them. Maybe they aren't very good, but it seems like something worth investigating before assuming it can't be done?

        2 votes
  2. Omnicrola
    Link
    Misleading title (Googles fault, not OP's). Entire article is about how password management is hard, Google is encouraging 2F, and how you should definitely trust Google with all your security...

    Misleading title (Googles fault, not OP's). Entire article is about how password management is hard, Google is encouraging 2F, and how you should definitely trust Google with all your security because they would never ever hurt you.

    And then in the last paragraph they mention how they hope someday in the future passwords will be a thing of the past. Cool.

    20 votes
  3. dedime
    (edited )
    Link
    I can't really trust Google, despite all of their claims that keeping you safe online is their top priority. Get ready for a Stallman-esque rant, because true safety starts with open source and...

    I can't really trust Google, despite all of their claims that keeping you safe online is their top priority. Get ready for a Stallman-esque rant, because true safety starts with open source and trusting the code you're running.

    Take everything I'm about to say about Google's capabilities with a grain of salt - to the best of our knowledge, this is what Google is capable of doing. This is not to say they are doing it, or are even capable of doing it, but the possibility is there and we have no way to determine otherwise.

    For one, Google can log into your account. They can also provide others access to your account. Anything you have stored in your account - photos, videos, emails, passwords, search history, messages, location history, browser history, contacts, apps installed - Google can access this at any time without barriers. Crucially, this means your passwords are not secret as they are (mathematically / encryption wise, not necessarily in practice) accessible by others. If Google cared, you could encrypt all of this information with a secret key only accessible to you. In fact, AFAIK the only Google product you can do this with is Chrome's Sync Passphrase, which you can use to encrypt all your Chrome data (browser history, passwords, form data, etc.). This is commendable, except for the fact that Google Chrome is closed source with no way to reproduce their builds, so you really can't even trust that they're doing this properly / at all, unless you're down to decompile the source code and verify yourself (every release).

    Two, Google is A-OK with making your account less secure without your consent. This is not a good model for security. As an example, I had a strong password to my Google account and TOTP as my second factor. TOTP is fantastic, as it relies on a shared secret with easily provable security parameters. It can be phished, but so can other second factors. Google took it upon themselves to add an additional second factor, their device based prompts. They also made it the default. This actually decreased my security posture, as now I have more second factor methods of authenticating my Google account. I also can't disable this feature. The only way to disable it would be to switch my phone from Google's Android to iOS or another OS. Why can't I disable this??? It's maddening.

    Third, perfect secrecy has been solved since the invention of the one-time-pad, everything else has been icing on the cake. I'd be perfectly happy if they could use information-theoretic secure encryption. Do it right, do it in the open, let the privacy-interested people take back their privacy and security into their own hands, and offer less-secure shortcuts for people who want it to be easy. If keeping you safe online was their top priority, they would have implemented this already. Instead, "keeping you safe online is our number one priority" is a bold faced lie. They should say "Keeping your personal data minable for our own purposes is our top priority. Keeping your personal data private would be nice too, we'll try our best but please recognize we won't encrypt your data unless we can get ahold of a copy of the key."

    Google doing personal data encryption right will never happen, but I still think about this a lot. There's no good (read: in my interest) reason to insecurely handle my data as they do, they just want to mine my data for money. You can provide all of the products that Google provides without violating peoples persons privacy, yet here we are. I accept of these imperfections because Google's services really are quite valuable, and I know they can't provide them for free, but it bugs me nonetheless.

    TL;DR: Google says trust us, ignoring the fact that their whole business is based on you using their closed source software which by definition you cannot trust.

    12 votes
  4. [2]
    Macil
    (edited )
    Link
    tl;dr: A phone can be used as your second factor auth for logging into your google account. Chrome, like most browsers, has a built-in password manager, which can help people use strong passwords...

    tl;dr:

    • A phone can be used as your second factor auth for logging into your google account.
    • Chrome, like most browsers, has a built-in password manager, which can help people use strong passwords without reusing them between sites.
    • "One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe." No info about what this could be like, though maybe it's implied that tools we use for second factor auth today will become options for logging in directly in the future.

    Nothing really new. It's a good reminder that password managers (including Chrome's built-in one) are good to use; I think people discount browser built-in password managers unfairly. I think the biggest security issue that affects most people is password re-use, and a password manager can help address that.

    9 votes
    1. Jedi
      Link Parent
      What’s special about it is that it is (optionally) tied to your Google account which means you can access your passwords from any device or even other browsers. As others have said, that may or...

      Chrome, like most browsers, has a built-in password manager, which can help people use strong passwords without reusing them between sites.

      What’s special about it is that it is (optionally) tied to your Google account which means you can access your passwords from any device or even other browsers. As others have said, that may or may not be seen as a benefit versus the tradeoff of Google having your passwords, but it is a little more advanced than the standard autofill.

      2 votes
  5. skybrian
    Link
    According to this ArsTechnica post, the Google blog post seems to be saying that they're going to automatically enable two-factor authentication for "appropriately configured" Google accounts....

    According to this ArsTechnica post, the Google blog post seems to be saying that they're going to automatically enable two-factor authentication for "appropriately configured" Google accounts. (Whatever those are, but it's clearly not all accounts; how would that work?)

    But I still don't understand what Google is going to do. Some Google blog posts are extremely difficult to read.

    2 votes
  6. [3]
    freddy
    Link
    See also: Your Passwords Are Useless
    1 vote
    1. [2]
      Contentus
      Link Parent
      I had never heard about FIDO before. I like the concept but Ideally I would want something that works both with my computer and my phone. And since both have different USB ports, the physical USB...

      I had never heard about FIDO before. I like the concept but Ideally I would want something that works both with my computer and my phone. And since both have different USB ports, the physical USB keys are a no go for me. Alternatives?

      1. Greg
        Link Parent
        FIDO/U2F is absolutely the real answer to the password security question, and I sincerely hope it gets more widespread adoption. You can get variants of the YubiKey that work with most different...

        FIDO/U2F is absolutely the real answer to the password security question, and I sincerely hope it gets more widespread adoption.

        You can get variants of the YubiKey that work with most different phone/laptop combinations, either with different connectors on each end or using NFC. They don't offer a USB A & C combo model, for whatever reason, so if you have an Android phone without NFC and a laptop with only USB A you might need a cheap adapter for the laptop side.

        [Edit] Alternatively, the Google Titan key has an option with Bluetooth, NFC and a female micro USB port which you can connect to your laptop using a cable. I haven't used those personally, though.