http://www.yubico.com/2013/01/google-protocol-yubico-identity-vision/
Google protocol & Yubico identity vision
I have always loved Google. So far the company has created the world’s best search engine, email system and maps. And now, this Internet Giant has revealed that it is giving the world a new security protocol.
The protocol is designed to be integrated across a wide range of authentication hardware, including SIM cards, Yubikey NEOs or a ring you carry on your finger. It is primarily based on open standards, so not really revolutionary as it is. However, if implemented cleverly, the protocol holds the potential to solve some of the fundamental problems with online identity. And these are problems we need to fix soon. Very soon. Or billions of people, along with the great creation named the Internet, will be in serious trouble.
At this stage we cannot say which route Google will choose to ensure mass adoption of their security protocol. But we can say that Yubico has decided to engage in the project as we believe it could be a game changer.
And this is the vision:
Imagine that you have one single key and one single password to securely access all your Internet life.
The key would not be issued, controlled or hosted by a government or a service provider. Instead, you would buy this key at your retail store, such as 7-Eleven or Amazon.com, similar to a gift card or pre-paid phone card.
The key would remain in your own full control, guarding your privacy. And you may even choose to have multiple keys and identities, enabling you to protect your digital identity while remaining anonymous.
From your computer or mobile device, you would be able to instantly, with no required software installed, connect your key to any number of online services. Placed in the USB-port or tapped to your NFC phone/tablet/laptop you would replace all your multiple, long, painful passwords with a simple touch. Combined with a simple PIN, you would then securely access your email, bank, healthcare records or any online account.
With an open source approach and a clever eco-system, there would be no fees for service providers, and the broken and costly Certificate Authority model could be eliminated. But more importantly, there would be no single identity- or authentication service provider who would control your digital identity or any cryptographic secrets.
The key would offer session security and legally binding signatures, at a security level enabling you to one day vote online for your next President.
Yes, there are a few obstacles to overcome, including aligning influential thought-leaders and global stake holders on the same page. But if enough people want to, it would be possible to create a new, really simple, secure and affordable online identity solution as outlined above. All based on the security protocol Google is now giving to the world.
Bring it out – click – go!
PS: Once the “Google protocol” enabled Yubikey is public, we will have a special offer for our YubiKey customers. Also, to read why NFC holds a bigger potential than biometrics, please read my previous blog on Internet identity and seat belts.
Google protocol & Yubico identity vision
Yubico Founder and CEO, Stina Ehrensvärd, discusses the new Google Security Protocol, and Yubico’s vision for a more secure internet
I love this idea in concept, passwords are out of control…how the heck is anyone supposed to remember 20+ different passwords, let alone change them on a regular basis. But a key that could be purchased at 7-11…too easy to lose, too easy to steal, too easy to fake. I think that carrying around a physical object would make us more vulnerable. How are we supposed to keep it secure?