ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Is the age of the password over?

Ina Fried CNET News.com

Published: 23 Feb 2005 16:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

"The devil's in the details here," Gentile said. Tokens have a place, he said, but that place is not the same in each business. "What's appropriate for one type of business and usage pattern may be very different from another."

There is also the issue of convenience. While RSA's tokens are small enough to fit on a keychain, they are also easily lost. People might be amenable to carrying one token. Less appealling to people is the prospect of needing one device to verify themselves to a bank, then another for their stockbroker, and ending up with a bunch of tokens.

A solution would be for online service providers to agree on a single product or standard. For now, it's unclear whether companies will come to an agreement on this. RSA, for its part, said it will try and work not only with its devices, but also with similar devices from others.

End of the line?
Some analysts do see the password fading as the primary means of authentication, particularly for online banking.

In a December report, Gartner estimated that by the end of 2007, 60 percent to 75 percent of US banks will use something stronger than a password, but stop short of giving out hardware tokens. Roughly 7 percent more will go as far as to hand out something like the RSA token, the research firm predicted.

Overseas, the overwhelming majority of banks will require something more than a simple password, with anywhere between one-third and one-half of banks requiring a hardware token, Gartner analysts said.

The bad news in Gartner study is that by the time many of these new systems become common, the thieves will have also moved on. By the end of 2007, half of today's stronger methods of authentication will no longer be strong enough to foil phishing or other online attacks, the report's authors said.

While technology providers have focused on hardware devices as a secondary means of identity authentication, research has come up with less costly replacements for the password.

Next

Previous

1 2 3 4


  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
235 out of 430 people found this useful


Talkback

Post a comment


Full Talkback thread

3 comments

  1. What's all the dithering about, and whats all this... samuel
  2. The banks may be reluctant to hand out hardware to... Paul
  3. Having worked in the IT industry for over twenty y... Mark Bradfield

Related Links

More In Online business


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Senior Fraud Analyst, 30,000- 35,000, SAS, West Yorkshire

Data Analyst opportunity,One of the Worlds leading Investment Banks

Oracle Identity Manager - Contract Opportunity - South West

Sentry Posts Blog

Nasa and the virus

Yesterday the BBC ran a story about a computer virus making it into orbit, which I read with incredulity. OK, it's a nice silly season story on the surface, but what really got me was... More

3 comments

Customer data found on eBay server hig...

The recent news about customer details being retrieved from a server sold on eBay is yet another story about the sorry state of information security in the electronic age (see: http://news.zdnet.co.uk/...m).... More

Post a comment

Does it matter if you are an aardvark...

In spam terms, apparently it does. According to Cambridge University security expert Richard Clayton, if your email address is aardvark at animal.net, you are more likely to receive... More

5 comments