[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, April 25, 2024

Passwords and Buggy Whips

Author: Mark Dixon
Tuesday, May 5, 2009
4:24 pm

In his Network World column yesterday, Dave Kearns equated passwords to buggy whips.  Speaking of the draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management, " Dave proposed,

"Maybe next they’ll draft guidelines for the proper use of buggy whips."

Dave later used even more forceful wording:

“Managing” a technology doesn’t make it a less unsafe technology.

Username/password as sole authentication method needs to go away, and go away now. Especially for the enterprise but, really, for everyone. As more and more of our personal data, private data, and economically valuable data moves out into “the cloud” it becomes absolutely necessary to provide stronger methods of identification. The sooner, the better. 

I agree that a better, easier to use and use more secure method is needed.  I hate to manage all the passwords I use, and fear for the day that my password system is compromised.

The big question is, "Replace username/password with what?"

I personally like the use of secure certificates, as illustrated in Henry Story’s use of certificates in his demonstration iPhone app I blogged about recently.  However, the mechanism for distributing, installing and managing such credentials for ordinary computer users seems like a daunting task.  I also personally like the Information Card concept, at least for the conceptual metaphor it uses.  But that isn’t a raging success and this technique is certainly burdened by its own challenges.

Perhaps this won’t get solved until I can hold my finger on a sensor that reads my DNA signature with 100% accuracy and requires that my finger still be alive and attached to my body.  We’ll see …

By the way, the term "buggy whip," widely used to reference a technology or process displaced by a new trend or era, has morphed into a more sophisticated term, "carriage driving whip," used by the gentile "carriage enthusiast" set.  In fact, you can buy the nice little number pictured in this post for a mere $135.00 from Driving Essentials.  Just a fraction of the $495.00 you’d need to shell out for a genuine, German-made "Four-in-Hand Holly Whip with Leather Grip & 320cm Leather Lash".  It seems that buggy whips have not disappeared; they have their own niche market! 

Technorati Tags: , , , ,

Comments Off on Passwords and Buggy Whips . Permalink . Trackback URL

Comments are closed.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.