
January 30th, 2009

Why the password system hasn't died (yet)

Posted by Larry Dignan @ 9:19 am

Categories: General, Google, Security

Tags: Password, Larry Dignan

Identity management is one helluva paradox. In your daily work life you don’t sweat things like smart cards, one-time password tokens and USB tokens. Once you go home as a consumer you’re straining to remember your 20th log-in and password.

Google’s Cem Paya, who serves on the search giant’s security team, highlighted the obvious at Wharton’s Information Security Best Practices conference: Passwords are useless, outdated and a security risk. 

No argument here. I’ve been hearing that line for at least a decade now. Yet I’m not exactly carrying around my identity fob or national ID card that works offline and online. 

Paya called the almost immortal password system “a puzzling divide.” “For all the known limitations of passwords they remain primary,” said Paya.

Where Paya’s talk, which was on federated identity management, differed is that it outlined why passwords persist. When you’re yapping with security vendors you always hear the opposite: Passwords stink and we have a better solution (that no prosumer uses). No one quite addresses why we’re still using passwords.

So without further ado, here are Paya’s best guesses on why pesky–and pretty insecure–passwords persist:

  • There’s no business model for issuing IDs to consumers.
  • Limiting user choice may annoy people.
  • Service providers can’t rely on third parties to manage identities–if that third party screws up it’s your problem.
  • Strong authentication has to be mandatory, but mandating an emerging technology risks losing customers. 
  • An opt-in policy can lead to customer satisfaction problems. What happens when you need a driver for your USB token?

When will the password officially be retired? I have no idea. And neither did Paya. National ID cards seem to be a non-starter in the U.S. And federated identity management systems are still nascent. Overall though, this password paradox is worth watching. At some point, passwords will die–and you can finally stop writing them on scrap paper taped to your monitor.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.


Talkback (most recent of 23):

Their persistence is simple
it's because like the data they protect, it's a secret.

Humans, because of empirical evidence, only implicitly trust something they alone know. The content of someone's head - if not recorded any...
Posted by: HexHammer67 Posted on: 02/07/09