[PCWorld]

Post your comments for Google suggests jewelry or a device as a next-gen password here

[JohnWarren]

Of course this adds to the horror of a lost cellphone. I'm careful not to allow autologon at any website connected to my cellphone for just this reason. Of course, I have a unique password for each website created by encrypting the name of the site itself

[sunblock]

of course you do,

[blake001]

U CAN TRY LASTPASS

[DrSpanky]

The issue is how things work out in the real world. On paper, everything works. In reality, not so much. What people should be working on are ways to educate the average computer user and make him/her understand what good security practices are and why they should practice them. Most people have learned not to leave their car unlocked with the keys in the ignition, this is the same principle. Trying to come up with answers to academic questions shows a lack of understanding of the real problem, ignorance. How are people supposed to get the right answer if they don't know what questions to ask? Unfortunately, a lot of the problem is a lack of common sense, and that's something no one can fix. With the proper education, most people would at least understand the problem, even if they choose to ignore the expert advice like create a strong password/pass phrase, don't open and/or respond to every email you receive, and don't give out private information to someone promising you millions of dollars.

[DrSpanky]

Another reason hardware devices are a bad idea is if your device is lost or stolen, you just took the express ride to identity theft hell. Now someone else is you, and you're left scrambling to try and change all your passwords. Of course, this will be extremely challenge because you don't have the keys or passwords. You're now the one being scrutinized by the bank, credit card company, etc. Since you're not in possession of the keys and passwords and they need to make sure YOU are not the thief trying to get into the account through subterfuge. No, hardware keys are not a solution.

[kamikrazee]

The trouble with this scheme is that, lurking behind the notion of authentication, is the potential for tracking an individual, both online and in a geographic sense, as well as <i>permission</i> to use the internet.
(Consider a perfectly valid account no longer being authenticated for whatever reason; will Google set itself up as an adjudicator of complaints over unfair use or bandwidth hogging or whatever?). This is a bit much.

[KLanD]

Hardware is a horrible idea. If you think forgetting your password and having to change it is frustrating, imagine all the paperwork and legal documents you need if you happened to lose you 'Hardware password'. Not to mention the 2-5 days you'll probably have to wait to get a new one.

Horrible idea.

what's wrong with fingerprints.. or retina scans if you want to complicate our lives.

[MKZ1945]

I have to agree with KLanD, and a few others on this one. There are a number of programs out there, and some are free, that either forces you to make strong passwords, or provides suggestions for them, and at the same time stores them in an encrypted file. Nothing is foolproof, but I’ve misplaced a number of hardware items over the same number of years I been using a password manager. Never lost a password yet and I don’t worry about having to remember any of them. I can even change them occasionally if I feel it’s necessary for added security and not worry about it. I would expect that people who create a password that they store in memory probably use that same password for all sites that enforce them. Not a good practice to get into.