Abstract:
Like many in the industry, the authors believe passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe. Google employs a base level of sophisticated server-side technologies, such as SSL and risk analysis, to protect users with plain old passwords; however, it's also investing in client-side technologies, such as strong authentication with two-step verification using one-time passwords and public-key-based technology, for stronger user and device identification. It's championing various approaches to access delegation, both in its applications and with third parties, so that end user credentials aren't passed around insecurely.
Keywords:
authorisation; public key cryptography; Google; client-side technologies; device identification; end user credentials; one-time passwords; plain old passwords; public-key-based technology; simple bearer tokens; sophisticated server-side technologies; two-step verification; user identification; Access control; Authentication; Computer security; Electronic mail; Passwords; Privacy; Servers; OAuth; authentication; delegation; passwords; second factor;