Google experiments with hardware-based authentication, envisions passwordless future

2012 was not a great year for security. From the "epic hack" of Wired's Mat Honan to the breach of Dropbox and the breakdown of barriers at Blizzard (not to mention countless smaller incidents), last year held frequent reminders that what you put online is never truly safe. Google has, in the wake of such public failings, began pushing its two-factor authentication with a pretty heavy hand. But even that system has its short comings, and Mountain View is looking for ways to shore up users' accounts. In particular the web giant is exploring hardware authentication options and experimenting with a device called YubiKey -- a USB-based token system. The research will be unveiled in a paper being published later this month in IEEE Security & Privacy Magazine, and includes preliminary work on a protocol for using a hardware device to unlock an online account. If carrying around and jacking in a USB key sounds too cumbersome, fear not. Google is also working on a wireless version of the platform that could be embedded in a cellphone or even a piece of jewelry like a ring. We may never ditch the password entirely, but we can hope.