Passwords are past their sell-by-date

(06/09/2010)

Stephen Howes, CEO of GrIDsure, has commented on the latest research from Richard Boyd at the Georgia Tech Research Institute highlighting the weaknesses of passwords:

“The report from the Georgia Tech Research Institute correctly confirms that passwords are past their sell-by-date. However, I find it bewildering that the Institute is recommending passwords should become longer and more complicated. This goes against every other trend that I have come across in my business and personal life towards making things more convenient and less complicated. Who is seriously going to remember the recommended 12 character strong password consisting of letters, numbers and symbols? It’s a recipe for frustration and you can guarantee that users will either forget these passwords or, more likely, just write them down.

Ultimately, no matter how long and complex you make a password, it can still easily be hacked or stolen by means such as shoulder-surfing or malware (key-logging, screen scraping and so on). I therefore believe that static passwords have no place in today’s connected world and consumers should be offered more effective alternatives that offer better security without making their lives more complex or inconvenient.

Any method for logging on to a computer, a web site or an online service (e.g. online banking) should be based on a one-time passcode (OTP) system. These systems are extremely user-friendly, they are cost-effective for companies to implement, they offer much greater levels of security than passwords and do not force users to remember long and cumbersome set of characters.”

Related topics:  Authentication and identity management 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources