Getting Past Passwords and a Secure Future

Passwords are like pencils: They have been overtaken by superior technologies but have resisted all attempts to kill them off. They survive because they are portable and flexible in ways that more-advanced alternatives are not.

"Passwords are great," says Paul Kocher, president and chief scientist of San Francisco–based Cryptography Research, which provides sophisticated information security systems to banks, corporations and government agencies. "Except for security, passwords are pretty much ideal. For security, they are 99 percent broken."

Kocher notes that "a huge amount of work" has gone into developing better systems for authenticating individuals logging on to computing devices or online services. "The question is, will it succeed? There is nothing at large scale that seems likely to replace passwords."

Security experts have been warning for years about the vulnerability of passwords. "We've been living in a world of 50-year-old technology," says Phillip Dunkelberger, a Silicon Valley veteran who is president and CEO of Nok Nok Labs, a two-year-old company selling stronger authentication approaches.

Together with Ponemon Institute, a research firm specializing in privacy and data protection issues, Palo Alto, California–based Nok Nok published a survey in April indicating consumers' openness to more-reliable technologies. When asked to name their preferred biometric methods for identity verification, more than 80 percent of nearly 2,000 "technology-literate" respondents in Germany, the U.S. and the U.K. listed voice recognition, followed by 70 percent for facial scans and 60 percent each for hand geometry and fingerprints.

Taking strong authentication mainstream will require not just mass acceptance but also an ecosystem of technologies, support services, corporate users and in some cases regulatory approval — and that is beginning to take shape.

The need for something better is obvious given the epidemic of identity theft and headline news like the April 23 hack into the Associated Press's Twitter feed, which spread false reports of explosions in the White House. That event set off predictable calls for stronger verification for Twitter accounts, perhaps by adding a biometric method. Adding a fingerprint or other incontrovertibly unique identifier to a log-on name and password delivers so-called multifactor authentication — and certainly a higher comfort level.

Such approaches are common in the corporate world. Bank employees sign in using one-time personal identification numbers generated by portable tokens like EMC Corp.'s SecurID products. Many of the 315,000 users of Bloomberg Professional terminals log on with fingerprints; the financial data network introduced biometric authentication in 2001.
