NYTimes on Passwords
Yesterday the NY Times ran an article on passwords as access tools for our online accounts. The author rightly points out that passwords have problems:
Password-based log-ons are susceptible to being compromised in any number of ways. Consider a single threat, that posed by phishers who trick us into clicking to a site designed to mimic a legitimate one in order to harvest our log-on information. Once we’ve been suckered at one site and our password purloined, it can be tried at other sites.
The solution urged by the experts is to abandon passwords — and to move to a fundamentally different model, one in which humans play little or no part in logging on. … In short, we need a log-on system that relies on cryptography, not mnemonics.
The article continues, extolling the virtues of Identity cards and bemoaning the security distraction caused by OpenID. I think the author is missing the point about how we have choices as to combining tools. No single tool is going to be a silver bullet.
The Times article also rightly points out the challenge in adopting any alternative access system: users must adopt tools that are workable for them, and the websites must allow access to their services through these tools. This is really the more significant problem.