If you ever wanted proof that Google+ is, in fact, not a social network but rather an all-in bid for your identity, here’s your pudding: mere weeks after the announcement of the Google+ login button, hundreds of major media outlets are using the Google+ button for their web and mobile user logins.

Today, Google is announcing that American Idol, Universal Music Group, Fox Broadcasting company, and hundreds of other partners are doing Google+-flavored sign-ins. The service had around 10 partners at its launch; now, through middleman-like service providers including Gigya and Janrain, it’s expanding its reach by an order of magnitude and then some.

And while those red login buttons will often sit next to other login options, they bring a few unique benefits — especially for partners with Android apps.

“They can put Google+ signup next to Twitter or Facebook or their own authentication,” said Google exec Seth Sternberg in a recent chat about the rollout. “There are lots of great advantages for the developer and the user, but it’s not a one-or-the-other choice. … You could connect with both, or make it single sign-on.”

The Android piece is particularly interesting. If you’re a publisher or developer with an Android app to promote, a Google+-authenticated user who is browsing around your desktop website will be prompted to download the Android app, too. Then, the user can opt to get an over-the-air install of the app without ever touching a smartphone.

As Sternberg said, “A lot of times, [people] are using a web application that they love, and they don’t even realize it has an Android app. It’s just not obvious. So we’ve made it easy to get an app onto your phone with one tap.”

The little red button, he concluded, takes around two weeks of dev time to get up and running — a timeframe that’s consistent with the time between the Google+ login launch and today’s news of massive expansion.

Here’s a demo of the login button in action:

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

The idea of a “plug and play” security tool may seem a bit paradoxical, but one company doesn’t think so. Stormpath, an authentication app that just got $8.2 million in its first round of funding today, wants you to “plug in” its login tool, and let it do all the work as your company’s first line of defense.

The funding was led by New Enterprise Associates and Pelion Venture Partners, with participation from Flybridge Capital Partners.

The company built a product that allows cloud service providers to “offload” the authentication process to StormPath. Authenticating a user is the same as identifying them — giving them a place to login and prove they are who they say they are. This process, however, can be bulky and is one of the most important security measures a company can take today. Stormpath says it can do the job better than cloud service companies can; it uses an application programming interface that developers at cloud service providers can just plug into their existing products.

From there, Stormpath takes care of that company’s authentication, password reset, and account management needs.

Companies like Stormpath may actually make a lot of sense. As a business-owner, you might have the desire to control your company’s security landscape completely on your own. But employing a dedicated company that is putting all of its resources into that one security product might actually make it stronger and more reliable.

Stormpath was founded in 2011 and is based in San Mateo, Calif. Benchmark Capital also previously invested in the company.

Storm path image via Shutterstock

Nok Nok, a company that wants to help organizations get rid of the traditional login and password, raised $15 million in its first round of funding today from DCM and Onset Ventures.

The company created a Unified Authentication Infrastructure that lets companies keep their systems safe by using the existing security products in different computers — such as desktops, servers, and mobile phones — to identify a user. For instance, you may have to swipe a finger or user your voice to prove you are you.

Logins and passwords are one of the most insecure parts of a company’s system. You need a login and password to prove that you are who you say you are. But with mobile technologies entering the workplace, as well as other Internet connected devices, employees are having to authenticate from many different access points. These add more attack vectors for someone trying to get into the system, so new forms of authentication, such as Nok Nok, are being introduced to the market.

But we haven’t yet gotten rid of the password because there simply hasn’t been something good enough to replace it. Nok Nok is working with a number of well-known organizations to put smart thinkers together to come up with the best ways to deal with this problem. Those organizations include PayPal’s electronic payment division, Lenovo, and Infineon Technologies AG.

Nok Nok was founded in November 2011 and is based in Palo Alto, Calif.

hat tip Reuters; Nok Nok image via Nok Nok

When passwords weren’t good enough, passphrases came into play as a much safer login option. But a new study is saying passphrases may not be as effective as you think.

Researchers Joseph Bonneau and Ekaterina Shutova looked at Amazon’s now out of commission PayPhrase System to see the types and effectiveness of passphrases people chose. PayPhrase was a passphrase-based login system that allowed consumers to go through the e-commerce check out line quickly. It required users set up a phrase of two words or more that would be connected to a credit card and shipping address. Entering the passphrase and a PIN would result in the purchase. Because the phrase itself related to financial information, PayPhrase did not allow people to use the same phrase. This gave Bonneau and Shutova the ability to query PayPhrase and collect a wide range of passphrases chosen naturally by humans.

“Our results suggest that users aren’t able to choose phrases made of completely random words, but are influenced by the probability of a phrase occurring in natural language,” said Bonneau and Shutova in their report. “Examining the surprisingly weak distribution of phrases in natural language, we can conclude that even 4-word phrases probably provide less than 30 bits of security, which is insufficient against offline attack.

They attempted a dictionary attack against the formed database of passphrases. A dictionary attack is when a hacker takes a list of well-known words or phrases, chooses which ones are most likely to succeed, and then attempts all of them. Bonneau and Shutova formed their list by gathering various sports team names, movies titles, album titles, proper nouns, names and more using IMDB, Wikipedia, and a number of other popular websites. Using this list, they ran their own dictionary attack.

The experiment showed that people rarely chose random phrases such as “panda train sunset.” This makes the passphrase significantly more vulnerable to attack. People also tended to “prefer phrases which are either a single modified noun (“operation room”) or a single modified verb (“send immediately”), according to Bonneau in a blog post about the study.

The two do conclude that their test was limited to the 100,000 passphrases extracted from the PayPhrase system, and suggest the phrase in combination with a 4-digit PIN makes it significantly stronger. But for login tools that don’t require two forms of identification, a stronger, less natural passphrase is going to be necessary.

“We recommend further collaboration between the security and linguistics research communities to explore what is possible in multi-word passphrases,” the team stated, “In particular, user testing for longer phrases is necessary to determine the extent to which users will tend to choose passphrases with natural-language-like properties as more words are required and not resort to easier-to-remember patterns like repeated words, idioms, or well-known titles.”

via ReadWriteWeb; Image via Shutterstock