According to the article, she did say exactly those words:
"password are dead"
"passwords are done at Google"
"our relationship with passwords are done"
Then they go on about how they're experimenting with hardware tokens and stuff, and how all startup should be solving that for them now.
It looks like PR to me, and it also looks like Google has lost it's soul.
Obviously, passwords are far from dead. It's wishful thinking at this point. The only thing everyone can agree on, is that passwords sucks to remember, input, and manage, and that there are many superior technical solutions.
The main issue is and has always been is that those superior solutions are painful to introduce because they're not standard, everyone wants it's proprietary piece of equipment in there, and they're not seamless solution that customers - users, really - are willing to test til something becomes a defacto standard.
basically you can have an ECDSA or RSA key pair and store the private key locally, either in a PGP smartcard (which can really be just a USB stick), or more conveniently into a piece of clothing that use some sort of NFC to transmit the data.
again, the yubikey neo does that (using NFC) but with OTPs for example.
Or maybe she didn't really want to divulge how Google plans to make passwords obsolete.
>> Although Adkins didn't offer any real specifics on how Google will innovate beyond today's security, she did say the company is experimenting with hardware-based tokens as well as a Motorola-created system that authenticates users by having them touch a device to something embedded, or held, in their own clothing. "A hacker can't steal that from you," she said.
There isn't really anything magical to make passwords go away, thus, nothing fundamentally new or to hide. A tiny piece of NFC hardware can be used to authenticate users using S/R or HOTPs (look at the yubikey neo for example). Then you can hide it in clothing, rings, bracelets, watches if you want. Way more convenient than a usb stick too, but you need a NFC reader, still.
Google has a huge impact, thus they're the ones most likely to have enough momentum to push for a change. That's different.
Maybe I'm too cynical (is that possible about csec anymore?), but as soon as I saw this line from Google, I thought "oh right, it'll be something to get Google inserted into every login interaction".
Well, not quite yet it seems, but this may be part of the set-up for it.
"password are dead"
"passwords are done at Google"
"our relationship with passwords are done"
Then they go on about how they're experimenting with hardware tokens and stuff, and how all startup should be solving that for them now.
It looks like PR to me, and it also looks like Google has lost it's soul.
Obviously, passwords are far from dead. It's wishful thinking at this point. The only thing everyone can agree on, is that passwords sucks to remember, input, and manage, and that there are many superior technical solutions.
The main issue is and has always been is that those superior solutions are painful to introduce because they're not standard, everyone wants it's proprietary piece of equipment in there, and they're not seamless solution that customers - users, really - are willing to test til something becomes a defacto standard.