Skip navigation
Menu
Passwords will be with us for some time yet.
Security>Identity Management and Access Control

Passwords will be with us for some time yet.

Passwords work on the simple premise that one way of proving your identity is by knowing a secret. There is a lot of talk about getting rid of passwords, moving to something like picture passwords, facial recognition, biometrics, or even getting a new Kinect sensor to verify that the person in front of the screen has the physical characteristics of the person that has access to the machine.

People don’t like passwords for a multitude of reasons including:

  • Good passwords need to be complex, making them hard to remember. If they are hard to remember, people forget them and need to call the service desk to get them changed.
  • Passwords need to be changed frequently to minimize the chance of someone other than the owner learning them. Changing them frequently makes them hard to remember. If they are hard to remember, people forget them and need to call the service desk to get them changed.
  • That like any secret, a password can be learned by more than one person, making them less secure than other methods of proving identity, such as biometrics, which are much harder to fake.

While passwords are imperfect, the reason that they have stuck around so long, much like the QWERTY keyboard, is that for the most part they get the job done for a lower cost than other solutions.  A “more perfect” solution, such as smart cards and biometrics does increase security, but for most organizations the cost benefit of increased security isn’t matched by the cost of increasing the security. Put another way, while it’s worth spending $500 dollars on a safe that protects $2000, it’s harder to justify spending $2000 on a safe that protects $500. In a high security organization smart cards and biometrics may make sense because the cost of someone gaining access that they shouldn’t get is so high. In most organizations the cost of someone gaining illegitimate access isn’t that high so the money spent on improving security could be better spent elsewhere.

The only thing that will replace passwords is a solution that costs the same and provides noticeably better security. Until that happens, things like fingerprint readers and smartcards will only be used by a minority of organizations

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Text caption presenting Password Cracking on a button on top of a keyboard
Using PowerShell for Brute-Force Password Cracking (Example Script)
Apr 17, 2024
padlock icon on an abstract background
Cisco Duo's Multifactor Authentication Service Breached
Apr 15, 2024
laptop with microsoft logo on the screen
U.S. Warns Agencies of Possible Breach via Microsoft Hack
Apr 11, 2024
3D padlock with glowing keyhole on top of abstract digital background
10 Essential Measures To Secure Access Credentials
Mar 26, 2024