After Apple announced a single sign-on tool last week, The Verge interviewed Google product management director Mark Risher. Though Google offers its own single sign-on tool, The Verge found him “surprisingly sunny about having a new button to compete with. While the login buttons are relatively simple, they’re much more resistant to common attacks like phishing, making them much stronger than the average password — provided you trust the network offering them.”

RISHER: I honestly do think this technology will be better for the internet and will make people much, much safer. Even if they’re clicking our competitor’s button when they’re logging into sites, that’s still way better than typing in a bespoke username and password, or more commonly, a recycled username and password…

Usually with passwords they recommend the capital letters and symbols and all of that, which the majority of the planet believes is the best thing that they should do to improve their security. But it actually has no bearing on phishing, no bearing on password breaches, no bearing on password reuse. We think that it’s much more important to reduce the total number of passwords out there…

People often push back against the federated model, saying we’re putting all our eggs into one basket. It sort of rolls off the tongue, but I think it’s the wrong metaphor. A better metaphor might be a bank. There are two ways to store your hundred dollars: you could spread it around the house, putting one dollar in each drawer, and some under your mattress and all of that. Or you could put it in a bank, which is one basket, but it’s a basket that is protected by 12-inch thick steel doors. That seems like the better option!

Share on Google+

of this story at Slashdot.

…read more

Source:: Slashdot