Google Research

Authentication at Scale

  • Eric Grosse
  • Mayank Upadhyay
IEEE Security and Privacy, vol. 11 (2013), pp. 15-22


In working to keep cloud computing users' data safe, we observe many threats---malware on the client, attacks on ssl, vulnerabilities in web applications, rogue insiders, espionage---but authentication related issues stand out amongst the biggest. When trying to help hundreds of millions of people from an unbelievable variety of endpoints, attitudes, and skill levels, what can possibly displace plain old passwords? No single thing, nothing overnight, and nothing perfect. A combination of risk-based checks, second-factor options, privacy-enhanced client certificates, and different forms of delegation is starting to find adoption towards making a discernible difference.

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work