Monday, May 26, 2014

Despite Data Thefts, the Password Endures

The Wall Street Journal (05/22/14) Danny Yadron; Katherine Rosman 

Although passwords are derided by some security experts as being an insufficient security measure, efforts to replace passwords with better protections face an uphill climb. "It's become kind of a nightmare," says 1990 ACM A.M. Turing Award recipient Fernando Corbato, who helped develop the first computer password while at the Massachusetts Institute of Technology in the early 1960s. "I don't think anybody can possibly remember all the passwords." However, researchers say replacing passwords with security measures such as biometrics and USB keys would require competing technology companies to work together to develop standards. In addition, Internet users may be hesitant to give up using passwords in favor of more secure options. Passwords also are inexpensive to use and are already deeply engrained in the design of many websites. Nevertheless, efforts are underway at some companies to move away from using passwords. For example, PayPal, Bank of America, and Google are among the companies that have formed the Fido Alliance, which has released a set of standards for security measures that could replace passwords with other types of online identification measures. Meanwhile, the National Strategy for Trusted Identities in Cyberspace, a task force created by President Barack Obama in 2011 to bolster online security, also is working to develop alternatives to passwords.