Passwords – Déjà Vu All Over Again

With due credit to Yogi Berra, I found myself groaning “not again” when reading Randall Stross’s article “Goodbye, Passwords. You Aren’t a Good Defense,” which appeared in the Week in Review section of the August 10, 2008 edition of the Sunday New York Times (free subscription required).

At first I was surprised to see such a detailed, somewhat specialized article hitting the popular press. However, it soon occurred to me that virtually every one of us is exposed to, and frustrated by, passwords and PINs (Personal Identification Numbers), whether we use a computer or not. What is also striking in the article is the veiled promotion of Microsoft’s “new, improved” authentication technology, which is apparently code-named “Infocard.” To Stross’s credit, he does raise one of the criticisms of the information card, namely, that anyone accessing a computer holding the Infocard could use it – unless of course the card is protected by a PIN (read “short password”).

Don’t you love the way security folks choose to use strong authentication methods in support of, or supported by, weak methods? For example, I know of one situation where biometrics (voice recognition) was used for password reset. Why didn’t they just use biometrics (no need to “reset”) as the primary means of authentication? The answer given was that biometrics was not used as the primary method as it is not reliable enough.
