Nearly everyone hates passwords -- they're hard to remember and can lead to major security headaches when users don't practice good digital hygiene such as using a unique password for each service.
Now Google and Twitter have both unveiled new tools for moving beyond the much maligned password, or at least for making them more secure.
Twitter's answer, revealed at Wednesday's Flight developer conference, is Digits: a mobile-based password replacement effort Twitter is offering to app developers. Instead of creating a password, users enter their phone number, and Twitter sends a confirmation code via SMS. The code expires after each use, so it must be refreshed every time a user needs to log in to the app.
This process will sound familiar to users who have enabled two-factor authentication on their online services -- Twitter, Google, Facebook and others offer a similar feature as an added layer of security on top of the password. But Digits removes the need for a password altogether, instead letting a user's mobile device generate a unique identifier each time one is needed.
Google announced its own security feature on Tuesday, and it works in a completely different way: Users carry a USB stick, which they are prompted to insert in order to login. The USB stick verifies the security of the Google login page they're using and confirms the user's identity.
Because mobile devices generally lack USB ports, Google's option isn't really a solution designed for mobile. And while the service is free, users must buy their own compatible USB device. The added cost and the inconvenience of needing an extra tool may make the new security feature less attractive to users who aren't especially concerned about security.
Google's set-up still requires users to sign in with a password, using the USB key as an additional layer of security. But the technology Google is deploying to implement the feature is aimed at killing the password: The standard the USB keys are based on were developed by a coalition of tech companies whose goal is to create an"interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services."