Google thinks it might have found an answer to the vexing problem of forgotten or weak passwords: "physical" passwords, which might come in the form of a piece of jewelry such as a ring.
In a research paper, two of its engineers write that current strategies to prevent the hijacking of online accounts, including the two-step identity verification system, are insufficient, partly due to the constant threat of attacks that exploit new bugs.
Google highlights phishing, in which hackers dupe account holders into revealing sensitive information by making them sign into a fake account login page, as one of the biggest security threats of today.
"It's time to give up on elaborate password rules and look for something better," the authors say. The research paper, by Google's Eric Grosse and Mayank Upadhyay, is to be published Jan. 28 in the publication IEEE Security & Privacy. It was first reported on by Wired earlier Friday.
At the core of Google's proposal is an idea it says has been used by businesses but has found little success among consumers: an encrypted USB-like device that people would use to log into password-protected websites and online accounts.