n a research paper, two security experts at the web giant have outlined a future in which the main way of guaranteeing we are who we say we are online will be possession of a physical token, perhaps embedded in smartphones or even jewellery.

They have added to growing claims that passwords are both inherently insecure and increasingly impractical.

To more make them more difficult for criminals to guess, web services have forced people to use longer passwords with different types of characters, but that also makes them more difficult to remember. To add to the headache, experts also advise against using the same password for different services, to reduce the impact if one is hacked.

“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” said Google vice president of security Eric Grosse and engineer Mayank Upadhyay, in an article to be published in an engineering journal.

Full article here