While everyone is trying to virtualize every bit of air, Google has decided to declare a very physical war on passwords.
"Google’s Vice President of Security Eric Grosse and Engineer Mayank Upadhyay wrote an article that’s due to appear in an upcoming issue of IEEE Security & Privacy Magazine about Google’s efforts to revitalize our password systems. They said the ideal system of protection would involve authenticating a single device, such as a YubiKey or a smartphone, that would be configured to grant you access to any of your online services."
In other words, Google is proposing that you log in to your online services (ex: Gmail ), by only inserting a usb key instead of entering a typed-in password.
Why is it a good idea?
Since the most common used password online is still "password", showing how many people leave themselves open to attacks, this does seem like a good idea.
Google has finally read the people's mind; They don't want to make any effort to protect themselves, they want to be forced.
Why is it not?
On the other hand, the same people that would use "password" as their password, are probably going to use this key. Let's take me for example, I use password with all kind of special characters and all that crap, but I can't tell you how many times, I forgot or lost my keys, my usb sticks etc..
With all the efforts to virtualize, this idea just seem "Not So Smart", and it has been well received by critics and users.
So instead of Google trying to come up with this kind of ideas, I suggest that they try some non-commercial campaigns, to try and educate people and teach them how to interact with the web. How to be smart when you're online.