=="The password is dead"==
"The password is dead" is a recurring idea in [[computer security]]. The reasons given often include reference to the [[usability]] as well as security problems of passwords. It often accompanies arguments that the replacement of passwords by a more secure means of authentication is both necessary and imminent. This claim has been made by a number of people at least since 2004.<ref name="CNET"/><ref>{{cite news |last1=Kotadia |first1=Munir |title=Gates predicts death of the password |url=https://www.zdnet.com/article/gates-predicts-death-of-the-password/ |work=ZDNet |access-date=8 May 2019 |date=25 February 2004}}</ref><ref>{{cite web |url=http://www-03.ibm.com/press/us/en/pressrelease/36290.wss |title=IBM Reveals Five Innovations That Will Change Our Lives within Five Years |publisher=IBM |date=19 December 2011 |access-date=14 March 2015 |url-status=dead |archive-url=https://web.archive.org/web/20150317041625/http://www-03.ibm.com/press/us/en/pressrelease/36290.wss |archive-date=17 March 2015 }}</ref><ref>{{cite magazine |url=https://www.wired.com/2012/11/ff-mat-honan-password-hacker/ |title=Kill the Password: Why a String of Characters Can't Protect Us Anymore |magazine=Wired |date=15 May 2012 |access-date=14 March 2015 |first=Mat |last=Honan |url-status=live |archive-url=https://web.archive.org/web/20150316003756/http://www.wired.com/2012/11/ff-mat-honan-password-hacker/ |archive-date=16 March 2015 }}</ref><ref>{{cite web |url=https://www.cnet.com/news/google-security-exec-passwords-are-dead/ |title=Google security exec: 'Passwords are dead' |website=CNET |date=25 February 2004 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402115129/http://www.cnet.com/news/google-security-exec-passwords-are-dead/ |archive-date=2 April 2015 }}</ref><ref>{{cite web |url=http://www.computer.org/csdl/mags/sp/2013/01/msp2013010015-abs.html |title=Authentication at Scale |publisher=IEEE |date=25 January 2013 
|access-date=12 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402141104/http://www.computer.org/csdl/mags/sp/2013/01/msp2013010015-abs.html |archive-date=2 April 2015 }}</ref><ref>{{cite news |url=https://www.wsj.com/articles/the-password-is-finally-dying-heres-mine-1405298376 |title=The Password Is Finally Dying. Here's Mine |newspaper=The Wall Street Journal |date=14 July 2014 |access-date=14 March 2015 |first=Christopher |last=Mims |url-status=live |archive-url=https://web.archive.org/web/20150313141548/http://www.wsj.com/articles/the-password-is-finally-dying-heres-mine-1405298376 |archive-date=13 March 2015 }}</ref><ref>{{cite magazine |url=http://www.computerworld.com/article/2490980/security0/russian-credential-theft-shows-why-the-password-is-dead.html |title=Russian credential theft shows why the password is dead |magazine=Computer World |date=14 August 2014 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402132011/http://www.computerworld.com/article/2490980/security0/russian-credential-theft-shows-why-the-password-is-dead.html |archive-date=2 April 2015 }}</ref> Alternatives to passwords include [[biometrics]], [[two-factor authentication]] or [[single sign-on]], [[Microsoft]]'s [[Cardspace]], the [[Higgins project]], the [[Liberty Alliance]], [[NSTIC]], the [[FIDO Alliance]] and various Identity 2.0 proposals.<ref>{{cite web |url=http://fedscoop.com/nstic-head-jeremy-grant-wants-kill-passwords |title=NSTIC head Jeremy Grant wants to kill passwords |work=FedScoop |date=14 September 2014 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150318060936/http://fedscoop.com/nstic-head-jeremy-grant-wants-kill-passwords |archive-date=18 March 2015 }}</ref><ref>{{cite web |url=https://fidoalliance.org/specifications |title=Specifications Overview |publisher=FIDO Alliance |date=25 February 2014 |access-date=15 March 2015 |url-status=live 
|archive-url=https://web.archive.org/web/20150315054954/https://fidoalliance.org/specifications |archive-date=15 March 2015 }}</ref> However, in spite of these predictions and efforts to replace them, passwords are still the dominant form of authentication on the web. In "The Persistence of Passwords", Cormac Herley and Paul van Oorschot suggest that every effort should be made to end the "spectacularly incorrect assumption" that passwords are dead.<ref>{{cite web |url=http://research.microsoft.com/apps/pubs/?id=154077 |title=A Research Agenda Acknowledging the Persistence of Passwords |publisher=IEEE Security & Privacy |date=Jan 2012 |access-date=20 June 2015 |url-status=live |archive-url=https://web.archive.org/web/20150620182839/http://research.microsoft.com/apps/pubs/?id=154077 |archive-date=20 June 2015 }}</ref> They argue that "no other single technology matches their combination of cost, immediacy and convenience" and that "passwords are themselves the best fit for many of the scenarios in which they are currently used." Following this, Bonneau et al. systematically compared web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security.<ref name="Bonneau et al. 2012 tech report">{{cite journal |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C. van |last4=Stajano |first4=Frank |title=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |journal=Technical Report - University of Cambridge. Computer Laboratory |url=https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html |publisher=University of Cambridge Computer Laboratory |access-date=22 March 2019 |location=Cambridge, UK |date=2012 |doi=10.48456/tr-817 |issn=1476-2986}}</ref><ref name="Bonneau et al. 2012 peer-reviewed paper">{{cite conference |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C. 
van |last4=Stajano |first4=Frank |title=2012 IEEE Symposium on Security and Privacy |chapter=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |conference=2012 IEEE Symposium on Security and Privacy|location=San Francisco, CA |date=2012 |pages=553–567 |doi=10.1109/SP.2012.44|isbn=978-1-4673-1244-8 }}</ref> Their analysis shows that most schemes do better than passwords on security, some schemes do better and some worse with respect to usability, while ''every'' scheme does worse than passwords on deployability. The authors conclude with the following observation: "Marginal gains are often not sufficient to reach the activation energy necessary to overcome significant transition costs, which may provide the best explanation of why we are likely to live considerably longer before seeing the funeral procession for passwords arrive at the cemetery."