Archive for August, 2008

NYTimes on Passwords

August 13th, 2008

Yesterday the NY Times ran an article on passwords as access tools for our online accounts. The author rightly points out that passwords have problems:

Password-based log-ons are susceptible to being compromised in any number of ways. Consider a single threat, that posed by phishers who trick us into clicking to a site designed to mimic a legitimate one in order to harvest our log-on information. Once we’ve been suckered at one site and our password purloined, it can be tried at other sites.

The solution urged by the experts is to abandon passwords–and to move to a fundamentally different model, one in which humans play little or no part in logging on. … In short, we need a log-on system that relies on cryptography, not mnemonics.

The article continues, extolling the virtues of Identity cards and bemoaning the security distraction caused by OpenID. I think the author is missing the point about how we have choices as to combining tools. No single tool is going to be a silver bullet.

The Times article also rightly points out the challenge in adopting any alternative access system: users must adopt tools that are workable for them, and the websites must allow access to their services through these tools. This is really the more significant problem.

Coaching moment: Your passwords control pieces of who you are. In your hands, they give you power to do certain things. In the hands of another, the power is no longer yours.
