Cormac Herley, Paul van Oorschot and I recently led a panel discussion session at the Financial Cryptography and Data Security conference. The topic was passwords, which everyone agrees are a problematic form of authentication, but nobody seems to be doing much about it. We wrote up a summary of the issues and discussion at the conference, and the paper is now available. Here is the abstract:
While a lot has changed in Internet security in the last 10 years, a lot has stayed the same — such as the use of alphanumeric passwords. Passwords remain the dominant means of authentication on the Internet, even in the face of significant problems related to password forgetting and theft. In fact, despite large numbers of proposed alternatives, we must remember more passwords than ever before. Why is this? Will alphanumeric passwords still be ubiquitous in 2019, or will adoption of alternative proposals be commonplace? What must happen in order to move beyond passwords? This note pursues these questions, following a panel discussion at Financial Cryptography and Data Security 2009.
Citation: C. Herley, P.C. van Oorschot, A.S. Patrick. Passwords: If We’re So Smart, Why Are We Still Using Them? Financial Cryptography and Data Security (FC 2009), 13th International Conference, Rockley, Christ Church, Barbados, Feb. 2009 (post-proceedings to appear, Springer LNCS).
