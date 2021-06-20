



No Pauline statue

The bright living room of a home on the West Coast of the United States appears on your laptop screen. In that living room, fully lit and speaking directly to the camera, sits the man responsible for online security and identity at Google. You expect the familiar story: use a password manager and choose a password that is much better than "12345" or "secret". But that is not what Mark Risher, for that is his name, has come to tell. To please many Americans, he has come to say that, as far as it goes, it is safe to have no password at all.

Passwords are a remnant of the days when there was a single computer in a university or library, Risher says. On that computer, you proved who you were by entering your password. There was little more to it than that.

Today, passwords have to be made up for more and more devices, and you can't order a new face cream without creating an account. Nobody remembers all of these passwords, and not everyone can store them securely. According to Risher, people currently have an average of 75 passwords, in about three categories.

Data leak

Usually the one for your bank is very secure and kept only in your memory. Next is the Facebook account, with a combination of a name and a number, which is a bit more secure. Finally, there are the many services where writing your pet's name in reverse seems good enough. As data breaches and recent police reports show, hackers only need to break into your Marktplaats account once, perhaps selling a phone in your name and escaping with the money of an unsuspecting buyer.

Risher says the problem is that a password is something you know, so scammers and hackers only need to get it out of you. Even two-factor authentication, where you have to enter a code from a text message on your mobile phone to access your Twitter account, can be bypassed. All the scammer has to do is set up a login page where an unsuspecting user enters this code, or intercept it.

Security key

According to Google, all of this needs to change. It should not be the user's responsibility to verify whether they are logging in to google.nl or google.nl; it is up to google.nl to verify their identity. This is possible using a security key. Compare it with the pass you have to hold against a card reader to enter a building. Because it is linked to your account, however, only you can use it.

These security keys come in the form of USB sticks that you insert into your computer to verify your identity, but you can also use your phone. Google has already built a security key into Android smartphones and has an iOS version for verifying your identity. More precisely, the security key is yours on your iPhone.

Google Titan Security Key. Image: Google

When you try to log in with your Google account on your computer, a push message appears on your phone asking you to confirm. The phone must also be close to the computer in question. In this way the mobile phone, which you seem to have with you most of the day, becomes the pass that gives access to your account via a virtual card reader. If you lose your phone, use a backup code stored in a secure (physical) location to restore your account.

There are also open standards for this, such as WebAuthn, in which Google also participates. Is this method guaranteed? No, Risher says. However, if a hacker needs to grab your phone, unlock it (often using a fingerprint) and get close to the device you're trying to log in on, hacking becomes difficult.
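Under WebAuthn, the browser records the origin of the page in the data the key signs, so the site rather than the user detects a look-alike login page. The following Python is an added example, not code from the article or from Google: it shows the origin, challenge and RP ID checks a relying party performs on an assertion (signature verification is a separate step and is not shown), and the origins, RP ID and sample assertions are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

EXPECTED_ORIGIN = "https://accounts.example.test"  # assumed relying-party origin
RP_ID = "example.test"                             # assumed relying-party ID

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: bytes) -> list:
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge must be the one this server issued for this login attempt.
    if not hmac.compare_digest(str(client.get("challenge", "")),
                               b64url(expected_challenge)):
        failures.append("challenge")
    # The origin is written by the browser, not typed or checked by the user.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + counter(4)
        return failures + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        failures.append("user_present")
    return failures

def constructed_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and authenticator would return."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([0x01]) + (1).to_bytes(4, "big"))
    return client_data, auth_data

CHALLENGE = secrets.token_bytes(32)
GENUINE = constructed_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
# Same challenge, but the response was produced on a look-alike site.
LOOKALIKE = constructed_assertion("https://accounts.example-login.test",
                                  "example-login.test", CHALLENGE)

if __name__ == "__main__":
    print("genuine:", check_assertion(*GENUINE, CHALLENGE))
    print("look-alike:", check_assertion(*LOOKALIKE, CHALLENGE))
```

Unlike a code from a text message, a response produced on the look-alike page fails the server's origin and RP ID checks even when the challenge itself was passed along correctly.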

Logging in with your Google account gives you access to more than Google Docs and Gmail. Like an Apple or Facebook account, a Google account lets you log in to third-party services. Think of sports apps that include health and location data, online games, or buying concert tickets; your smart thermostat may be connected to it as well. For those who want it, a Google account is the security key to your (digital) life. When you buy a new PC or tablet, you only need to set up sign-in once and everything is protected, Mark Risher promises from his American living room on behalf of Google.

Danger

Bart Jacobs, a professor of computer security at Radboud University, says caution is needed here. You need to trust Google a great deal to hand over all your passwords and replace them with Google's security keys. Edward Snowden's exposure of the eavesdropping practices of US government services shows that major tech companies can be monitored. Who says this will never happen again?

Jacobs also points out the risk of depending too heavily on one party, whether Google or a competitor. What if the server where all the logins are stored goes down? At the end of last year, almost all Google services, from YouTube to Google Maps, Google Meet, and Gmail, became unavailable to signed-in users for 30 minutes due to a malfunction. Purchasing multiple services from one provider increases your reliance on that provider.

Then there is the way Google makes its money: primarily by selling ads based on user behavior. Who can guarantee, Jacobs asks, that Google will do nothing with the knowledge of where you are signed in? That is why Jacobs sees more in open online identities. That means personal digital keys, unique to every door on the web, that are open source, so their source code can be viewed and copied by anyone, and that are operated by a non-profit organization.

The European Union recently announced plans for such an e-identity. This is an online ID for residents of member countries that is separate from the major US technology platforms. Jacobs: "Companies like Google can pretend they want the best for the world, and they have a business agenda. Often it's not the same agenda I have as a user."

