Google's updated security roadmap details increased friction, reliance on hardware

A lot has changed in the security realm since 2008 -- remember Alicia Keys' recent attempt to convince us her Twitter account was hacked, when we all know she still uses an iPhone even as BlackBerry's Creative Director? Pranks aside, the consumer world alone has been overrun with mass data hackings -- everyone from Evernote to Microsoft to Sony to RSA has felt the wrath. To combat all of this, Google is revamping its five-year security plan, which calls for a complex authentication code replacing the conventional password in due time; in other words, Google is going to make it harder to access your accounts when initially setting up a device, but hopes you'll deal. Eric Sachs, group product manager for identity at Google, put it as such: "We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users. We don't mind making it painful for users to sign into their device if they only have to do it once."

The documents also suggest that two-step verification may soon become less of an option, and more of a mandate. Sachs straight-up confesses that Google didn't predict the current level of smartphone adoption back in 2008, but now realizes that utilizing mobile hardware and apps as friction points for logging in makes a lot more sense. A huge swath of Google users are already carrying around a product that could be used as a verification token, so the obvious solution is to make use of that. We're also told that learnings from Android will be carried over to Chrome, and further into the world of web apps. No specific ETAs are given, but trust us -- half a decade goes by quickly when you're having fun.