mardi 17 décembre 2013

Physical Keys Could Take Away the Pain of Passwords

New Scientist (12/11/13) Hal Hodson 

Facebook, Google, and other technology companies are experimenting with physical keys to take the place of passwords. Google is testing YubiKey, a small cryptographic card that plugs into a USB port and mimics a keyboard entering a single-use password into the authentication field, while Facebook employees are already using such cards for two-factor authentication. Some of the keys will rely on their physical structure to make them unclonable, and could be used not just for computer logins but also to authenticate products that are susceptible to counterfeiting. Meanwhile, California Institute of Technology researchers are developing a system that uses light scattered through liquid crystals, which has the advantage of offering much more scope for randomness than a silicon chip. The researchers say the system is very hard to crack, but also difficult to implement because of the impracticality of storing and exchanging huge keys. Another physical authentication key in development is Verayo's Opal, which contains a microchip with tiny imperfections that arise during manufacturing and are unique to it. The device's battery is activated by shaking it, and the user shakes the device again to have it pair with a nearby computer or tablet via Bluetooth. The system reads the Bluetooth signal and, if it matches a predetermined pattern, accepts the user as a trusted party.