Google have worked on a way of improving security for Web-page login experiences because these login experiences are easily vulnerable to phishing attacks.
What is this technology
This method is similar to a hardware security “token” used by some big businesses for data security and increasingly by some banks to protect their customers’ Internet-banking accounts against phising attacks. This is a device that you keep with you in your wallet or on your keyring which shows a random number that you key in to a login screen alongside your user name and password and is based on “what you have” as well as “what you know”.
This time, the function of this “token” is moved to the mobile phone which nearly all of us have on ourselves. It will appear as a smartphone “app” for the Blackberry, Android or iPhone platforms that shows the random code number or will operate in the form of your phone showing an SMS with the token code or you hearing a code number from a call you answer on that phone. Of course, you will register your mobile number with Google to enable this level of security.
The direction for the technology
Google are intending to use it with their application platform which covers GMail, Adsense, Analytics, Picasa and other Google services. Initially it will be tried with selected user groups but will be available to the entire user base.
They will provide an option to avoid the need to use this “Google codes” system on the same computer for a month, which would appeal to users who work with their GMail account from their netbook or desktop PC. They will still need to have this work if they “come in” to their GMail account from another computer and it will work if someone else uses the same PC to check on their GMail.
What I am pleased about with this is that they intend to “open-source” this system so that it can be implemented in to other platforms and applications. Similarly, the “apps” can then be ported to newer smartphone platforms or “baked in” to other PDAs and similar devices. As far as the “apps” are concerned, I would like to allow one piece of code to service multiple service providers rather than loading a smartphone with multiple apps for different providers.
Making the home network secure
I would like to see this technology being tried out as a method of securing devices that use Web-based data-access or management interfaces, similar to D-Link’s use of CAPTCHA for securing their home-network routers’ management login interfaces. This is becoming more so as nearly every home uses a wireless network router as the network-Internet “edge” for their networks. Similarly, there is an increasing tendency to use a network-attached storage for pooling data to be available across the network or as backup storage and most of these units use a Web-based user interface.
One feature that I like about this Google project is that they have applied a security technology normally available to big business and made it available to small business and consumer users.