Advertisement
Promo

Online business Toolkit

Is the age of the password over?

Ina Fried CNET News.com

Published: 23 Feb 2005 16:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

As online scams get more sophisticated, passwords are becoming hopelessly outmoded -- as passé as floppy disks.

Yet many businesses and nearly all consumers still rely on passwords as the primary means of verifying who they say they are.

At last week's RSA security conference, Microsoft Chairman Bill Gates sounded once again his well-worn call for an end to passwords, while on the show floor, companies touted gadgets to help verify identity.

There's plenty of technology that could augment or replace the password, from smart cards to password-generating tokens to mobile phone-based systems. They have yet to catch on. One hurdle is that it can be inconvenient to have to keep a piece of hardware handy. But the real problem, analysts said, is that neither businesses nor consumers appear ready to pay for them.

"Every bank I talk to doesn't want to hand out tokens," Gartner analyst Avivah Litan said. "They're too expensive."

The cost of such a service is not insignificant. For instance, companies that have signed up for RSA Security's corporate hardware tokens pay on average $35 to $40 per employee as part of an annual service deal. However, a consumer service could cost a bank or other online service provider far less, if they hand out hundreds of thousands or millions of the gadgets.

Passwords are seen by many experts as a weak link in the security chain. A well-circulated research paper from 1979 noted that a significant share of passwords could be easily guessed in less than 5 minutes -- and that was when punch cards were popular.

Web shops, online banks and other companies doing business on the Internet recommend that customers choose a password that is easy for them to remember but hard for someone else to guess. The reality is that the converse is usually true. Few of us can remember all of our passwords, and yet the bad guys, armed with sophisticated software, can crack most passwords in a matter of minutes.

RSA's SecurID token, which generates a one-time password (OTP) every few seconds, is only one of the hardware products on the market that aim to bolster security for consumers. Credit card-size smart cards slot into a reader and can be part of two-factor authentication. In this system, two ID elements -- the smart card and a PIN, for example -- are used to restrict or monitor access. A USB token works like a smart card, but plugs directly into a PC, instead of into a special reader. Another system sends one-time passwords via text message to a customer's registered mobile phone.

Next

Previous

1 2 3 4


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
235 out of 430 people found this useful


Company/Topic Alerts

Create a new alert from the list below:




Sentry Posts Blog

Behind the Scenes: Next Gen Mobile Tec...

Behind the Scenes: Next Gen Mobile Technology Author: Eric Everson, Founder MyMobiSafe.com With infrastructure speeds continually improving at the network level of the world’s leading... More

Post a comment

Nasa hacker petition presented to Numb...

Sting's wife Trudie Styler and Janis Sharp have presented a petition to Number 10 calling for Nasa hacker Gary McKinnon not to be extradited to the US. Styler, and Sharp, who is... More

Post a comment

UK to appoint cyber-sec tsar?

The UK is to appoint a cyber security tsar along the lines of the US, according to a story in the Telegraph this morning. The story is similar to one that appeared in the Guardian... More

Post a comment

Video icon

Video

Google Chrome

Roundup: Full coverage of the Google Chrome launch

The search giant has launched a beta of its own open-source browser, sending a clear challenge to Microsoft in the way it lets users work with applications More

Blog: Google Chrome has Microsoft's code inside, says MS manager

And furthermore, he says, that's a good thing... More

Blog: Google Chrome — nine things we've found since launch

Google must be very happy with the coverage Chrome has gathered. But it's not all good news... More


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters