Why Passwords Still Rock
canopic jug writes:
A lot of security myths have acquired lives of their own and are taken as facts. Dr. Andy Farnell over at the Cyber Show's blog has posted an item about where passwords can still fit in as a part of general authentication despite what fleets of salesmen selling authentication gimmicks tell us.
Security models: password or tracker?
Indeed people do not discriminate two vastly different security models that should really be obvious with a moment's thought. The question is, "who is the security for?"
Security schemes that ask that you carry around a device which is connected permanently to a network and uses a mechanism that is entirely opaque to you is a different kind of security. It is more than a mere access control. It is not security for you.
It may pass for "something you have" but also has a function to act as a location or close proximity biometric remote sensor for an observer elsewhere. It's a tracking device.
[...] Partly it's because we've been using passwords wrong for about the past 40 years. The new NIST document partially puts that right. It's also because there's a massive "security industry" that sells things - and you can't sell people the ability to think up a new password in their own head. Where's the profit in that?
Instead they'll tell you that you need a fangled security system of gadgets and retina scans, and that you're too stupid to be trusted with your own security. They are wrong. In most cases passwords are just fine if not better than alternatives, and in this post we're going to explain why.
Thus another theme of this essay is personal responsibility and the crux of the argument is that all security solutions which are not passwords solve problems that are not yours.
Like self-service checkouts at the supermarket that make customers into employees, they are a way of passing blame, liability, and work onto you in order to solve someone else's security problem. As Prof. Ross Anderson bluntly puts it;
"If Alice guards a system but Bob pays the cost of failure, you can expect trouble."
Cybersecurity has become more harmful than helpful in many cases and biometrics are more of a user name than a password despite the constant misuse as the latter.
Previously:
(2024) NIST Proposes Barring Some of the Most Nonsensical Password Rules
(2024) VISA and Biometric Authentication
(2023) A Fifth of Passwords Used by Federal Agency Cracked in Security Audit
(2020) Here's Yet Another Reason Why You Really Should Start Using Better Passwords