Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Passwords stink. Is there a replacement?

Stuart Kippelman | Oct. 1, 2013
The use of passwords dates back to the Spatan military in the 700 BC. Is there really a replacement for it?

Although MIT developed the first computer password in 1961, it's a technology that can be traced back far earlier.  After a quick Internet search, I discovered that the use of passwords dates back to the Spartan military in 700 BC.  So much for progress. One would think that after 2,700+ years we would have come up with a better way of doing things. Are there other possible options?

While the technology has changed since MIT's work in 1961, the concept remains the same: using a complex password, of the right length, changing it frequently, will provide a reasonable level of security.  However, after conducting an informal survey of peers and contacts, I was shocked to see the average person is dealing with and managing over 200 passwords (some had over 300!) because we need a password for just about everything — from banking to benefits, social networking to photo sharing, news and travel, shopping and entertainment, to online thermostats and garage door openers (very cool by the way). 

The complexity of managing so many passwords has created the need for password managers, and there are many to choose from: cloud-based versions, offline versions, and options to view the data on every type of device.  They provide a reasonable level of security, but again, anything can be hacked, so this is really just an interim fix.  I've also found the use of password managers is a very opinionated and emotional topic.  Those I spoke with are either big fans or huge opponents. 

Is biometrics an option?  Apple made headlines with its recent release of the iPhone 5s, including a new kind of fingerprint scanner they are calling Touch ID.  I won't go into the details as many others have, however, I will point out that this is nothing new.  Back in 2004, IBM introduced a fingerprint reader built into the ThinkPad T42.  I remember how excited I was to see it and use it at the time, but I don't remember using it since.  As I look at the notebook computer I'm writing this blog on, I see that the same fingerprint scanner is built in and yet I've not used it until now. After re-enabling the software, it seems to work fine.  It scanned my fingers and I was able to log in.  I discovered that not much has changed since 2004.  So why don't I use it?  Well, because without a lot of other technology enabled, working, and synchronizing, it's not secure and doesn't meet the corporate standards of an acceptable solution.  But to lock your children out from purchasing music, it's perfect!

Dual factor authentication is a good answer to the problem.  Just like an ATM card, the concept of something you have (the card), and something you know (the PIN number), provides the best combination of security and ease-of-use.  While a number of online services have enabled this capability if a user opts for it (such as Facebook), I can only guess most people don't utilize it because it's another step. 

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.