Passwords? We don't need no stinking passwords

[R.A. Hettinga]

<http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/print.html>

The Register


 Biting the hand that feeds IT

The Register » Security » Network Security »

 Original URL: http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/

Passwords? We don't need no stinking passwords
By John Leyden (john.leyden at theregister.co.uk)
Published Wednesday 16th February 2005 01:41 GMT

RSA 2005 Concerns over online security are continuing to slow consumer
e-commerce growth. A quarter of the respondents in a recent survey have
reduced their online purchases in the past year and 21 per cent refuse to
conduct business with their financial institutions online because of
security fears. More than half (53 per cent) of the 1,000 consumers quizzed
believe that basic passwords fail to provide sufficient protection for
sensitive personal information.

According to the RSA Security-sponsored telephone survey, poor management
of PINs and passwords for access to online services, desktop computer
systems, ATMs and other electronic accounts is a major vulnerability. As a
major supplier of two-factor authentication products and services that
offer an alternative to traditional static passwords, the issues raised by
RSA Security's survey are more than a little self-serving. That doesn't
mean its analysis is necessarily wrong, though. More and more security
experts are lining up against the use of static passwords for e-banking; in
part because the technique makes consumers easy prey for phishers. Even so,
obituaries for the humble password may be premature.

Adi Shamir, professor at Israel's Weizmann Institute of Science and noted
cryptographer, said: "Passwords are not completely dead. For low level
security apps they are still sufficiently good. It depends on the
application".

One PIN to rule them all

More than two in three respondents (65 per cent) quizzed in RSA Security's
survey use fewer than five passwords for all electronic information access
and 15 percent use a single password for everything. These figures are
unchanged from a similar survey last year.

John Worrall, VP of worldwide marketing at RSA Security, said: "The
majority of consumers are aware of the problems associated with passwords,
but until they are presented with a reliable, easy-to-use alternative,
they're going to continue to exhibit poor password management practices." ®


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com