Passwords and Buggy Whips

In his Network World column yesterday, Dave Kearns equated passwords to buggy whips.  Speaking of the draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management, " Dave proposed,
"Maybe next they'll draft guidelines for the proper use of buggy whips."

Dave later used even more forceful wording:

“Managing” a technology doesn’t make it a less unsafe technology.

Username/password as sole authentication method needs to go away, and go away now. Especially for the enterprise but, really, for everyone. As more and more of our personal data, private data, and economically valuable data moves out into “the cloud” it becomes absolutely necessary to provide stronger methods of identification. The sooner, the better. 

I agree that a better, easier to use and use more secure method is needed.  I hate to manage all the passwords I use, and fear for the day that my password system is compromised.

The big question is, "Replace username/password with what?"

I personally like the use of secure certificates, as illustrated in Henry Story's use of certificates in his demonstration iPhone app I blogged about recently.  However, the mechanism for distributing, installing and managing such credentials for ordinary computer users seems like a daunting task.  I also personally like the Information Card concept, at least for the conceptual metaphor it uses.  But that isn't a raging success and this technique is certainly burdened by its own challenges.

Perhaps this won't get solved until I can hold my finger on a sensor that reads my DNA signature with 100% accuracy and requires that my finger still be alive and attached to my body.  We'll see ...

By the way, the term "buggy whip," widely used to reference a technology or process displaced by a new trend or era, has morphed into a more sophisticated term, "carriage driving whip," used by the gentile "carriage enthusiast" set.  In fact, you can buy the nice little number pictured in this post for a mere $135.00 from Driving Essentials.  Just a fraction of the $495.00 you'd need to shell out for a genuine, German-made "Four-in-Hand Holly Whip with Leather Grip & 320cm Leather Lash".  It seems that buggy whips have not disappeared; they have their own niche market! 

Technorati Tags: , , , ,



Comments:

Post a Comment:
Comments are closed for this entry.
About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today