Some believe that the Internet security problem will be solved by a better, more secure
system than passwords, claiming that the password system is inherently insecure. While passwords are not 100% secure, irresponsible use of the system accounts for most of the difficulties. For example, because passwords are hard to
remember, users choose common dictionary words, reuse passwords
across accounts, and sometimes keep default passwords. This
behavior sometimes makes their passwords easy to guess. 99% of the
time, users care more about usability than security; dealing with hacked accounts and
stolen money makes up the other 1%. Users exhibiting this behavior take security into their own hands.
James Madison said, “If men were
angels, no government would be necessary.” Angels wouldn't need
artificial limits to coerce them into proper behavior. Our attempts
to coerce users into secure passwords fail to achieve their aim
(http://xkcd.com/936/).
Responsible users using the suboptimal password system would, in
practice, be more secure than irresponsible users using an inherently
more secure system like biometric authentication. We need to accept
that passwords are here to stay and educate users of the Internet,
meaning everyone, on Internet safety.
Passwords will be around for many more years, even though other alternatives will become available.
I actually kind of like the idea of something like biometric authentication rather than a password. I have had a couple of times where I can't remember my password because I have too many.
The downside is, once someone steals your fingerprints, DNA, whatever, it's hard to change your biometric password.
Well, it took less than a day to crack the new Phone 5s biometric scanner. Maybe one day it will be secure enough to rely on and not just be a fun and moderately broken tool.