Headline Nov. 15/ ''' GOOGLE -SECURITY LIMITS- GOOGLE '''

''' GOOGLE -SECURITY LIMITS- 

GOOGLE '''

THE WORLD STUDENTS SOCIETY -most lovingly and respectfully called, !WOW! -is the exclusive ownership of every single student in the world. And......

The students of the world, from every nook and corner, every university and college, and school,    join me in thanking Google for providing to !WOW!, an outstanding service over all these many, difficult years.

But on Tech Fix : Why won't the password just go away? The silly pet names, movie titles. or sports teams that many people punch in to get to their online accounts are a weak spot that hackers continue to puncture.

Yet password remains the primary way we log in to online accounts containing our personal and financial information.

Google has a new pragmatic solution : Embrace the password, but lock it down with extra physical security.

The company recently released its Advanced Protection Program, which is meant to make stealing your password pointless. To use it, you'll need two inexpensive physical keys to log to your Google account on your computer and smartphone.

This way, even if hackers steal your password in a data breach or successfully phish for it by tempting you to hand over your credentials on a fake login page, they can't do anything unless they get their hands on the keys as well.

And minimizing risk with minimal effort is a boon to anyone who cares about online security.

''I am a big fan of this,'' said John Sabin, a former hacker for the National Security Agency. ''It's probably the easiest and most secure multifactor for the masses.''

The physical keys are an evolution of  two-factor authentication, an extra security layer to ensure that your password is being entered by you.

Google was one of the first companies to start offering two-factor authentication back in 2010, not long after it learned that it had been hacked by state-sponsored Chinese hackers.

After the attack, Google's security team came up with a motto : ''Never Again.'' The company later rolled out two-factor authentication for Google customers' Gmail accounts.

It involved text messaging a unique code to your phone that you must type in after entering your password to log in.

Unfortunately, those messages can be hijacked, Last month, security researchers at Positive Technologies, a security firm, demonstrated how they could use vulnerabilities in their cellular network to intercept text messages for a set period of time.

The idea of Google's Advanced Protection Program is to provide people with a physical device that is much harder to steal than a text message.

Google is *marketing that program* as a tool for a tiny set of people who are at high risk of online attacks, like victims of stalking, dissidents inside authoritarian countries or journalists who need to protect their sources.

But why should extra tough security benefit such a small group? Everyone should be able to enjoy stronger security.

So we tested Google's Advanced Protection Program and vetted it with security researchers to see if the program could be used by the masses.

The Verdict : Many people should consider signing up for the security-system and buying a pair of keys. But of you are married to some non-Google apps that are not yet compatible with the keys, you should wait and see of the program matures.

SETTING UP ADVANCED PROTECTION : Any one with a Google account can sign up for the security program on Google's Advanced Protection web-page.

To get started you will have to buy two-physical keys for about $20 each, Google recommends buying one from Feitian and another from Yubico.

The keys, which look like thumb drives and can fit on your key chain, contain digital signatures that prove you are you.

To set one up, you plug the key a computer USB port, tap a button and name it. [The Feitian key wirelessly communicates with your smartphone to authenticate the login]. This process takes a few minute.

On a computer and a smartphone, you need to log in with the key-only once, and Google will remember the device for future logins.

That is more convenient than traditional two-factor authentication, which requires unique code each time you log in.

The Honor and Serving of the latest Operational Research on Security, Networks and Limits continues. With many thanks and great appreciation for the research authors, Brian X.Chen and Nicole Perlroth.

With respectful dedication to Google, Students, Professors and Teachers of the world. See Ya all on !WOW!  -the World Students Society....... and Twitter-!E-WOW! -the Ecosystem 2011:

'''Security & Surety'''

Good Night and God Bless

SAM Daily Times - the Voice of the Voiceless