Monday, January 31, 2011

An End to Passwords

It can't come too soon for me! I've been dreaming up / approving / disapproving / cursing at new password schemes since the 1970s, when the company I worked for (a property/casualty insurance giant) formed a new department under me called "I/T Staff Services" that included, for the first time, computer security. Until then there were no passwords and our user IDs were our last names. My newly appointed security chief recommended to me that we create user IDs that could indicate what variety of user you were (making it possible to attach your user ID to certain rights and privileges) and that we make passwords mandatory, with standardized composition, and have them expire every six months.

Over the years I've watched password standards get more and more complex. No longer the creator of standards, like most of humanity I am on the receiving end. Each day one or more of my many online accounts informs me that my password has to be longer, more complex, and attached to a series of security questions and actions. All this to create a password that, in a year or so, can be broken by a 12-year-old kid using free software on his/her game-playing computer.

FINALLY the solution may be in sight! Biometrics, a set of technologies aimed at identifying humans based on their unique physiological and/or behavioral attributes, has been long on promise and short on delivery for many years, with the exception of expensive military installations and phony television scripts. At last a major player, Apple, may be poised to bring this "ease of use" technology to the masses. Check out the article in Computerworld here.