New startups looking for ways to keep their users secure should know one thing, a top Google security executive said Tuesday: “Passwords are dead.”
Speaking on a TechCrunch Disrupt panel called “Spies Like Us,” Heather Adkins, Google’s manager of information security, told moderator Greg Ferenstein that going forward, the “game is over for” any startup that relies on passwords as its chief method of securing users and their data.
She talked briefly about Google’s use of two-step authentication, and the fact that the search giant has been working to innovate in the area of non-standard password security. As a result, she said, any startup that still relies on standard passwords needs to ensure that it has an abuse team set up to deal “with customers getting compromised.”
Adkins, speaking alongside Kleiner Perkins Caufield & Byers managing partner Ted Schlein and author James Bamford, explained that looking ahead, “our relationship with passwords are done,” and that “passwords are done at Google.”
Although Adkins didn’t offer any real specifics on how Google will innovate beyond today’s security, she did say the company is experimenting with hardware-based tokens, as well as a Motorola-created system that authenticates users by having them touch a device to something embedded, or held, in their own clothing. “A hacker can’t steal that from you,” she said.
Later in the conversation, which also touched on the NSA scandal, cybersecurity, and the weaponization of offensive cyber technologies, Adkins pointed out that hackers intent on making money from their bad acts had consistently found ways to exploit Google users who had yet to turn on two-factor authentication. Essentially, she explained, hackers were able to get into such users’ accounts, turn on two-factor authentication themselves, and lock the users out before utilizing those accounts to send spam. “They are finding new ways to make money off it,” she said. “Ways we hadn’t anticipated.”
Read more at CNET.