20 years of alternatives have failed
Late last year IBM reckoned biometrics would finally replace the password within the next five years. The prediction was part of a series that also speculated that the digital divide would cease to exist and that mind-reading technology would become a possibility. But, at least on the subject of passwords, new research from Microsoft's Cormac Herley and computer science professor Paul van Oorschot explains why, despite the tech industry's best attempts, this is not the case.
[..] in a joint paper, Microsoft's Herley and van Oorschot, a computer science professor at Ottawa’s Carleton University, argue that passwords are here to stay because alternatives such as PKI and biometrics have come up short. They added that lessons had not been learned from these failures, and said that as a result, the industry has become stuck in a rut.
They argue researchers need to revisit the subject of how to get passwords to work efficiently rather than assuming the approach is about to be written off as hopelessly flawed and unfixable. Passwords are here to stay, even though they are certainly not appropriate in all cases, because "no other single technology matches their combination of cost, immediacy and convenience that many scenarios require".
"Passwords have proved themselves a worthy opponent: all who have attempted to replace them have failed," the two boffins conclude. "It is fair to say that little progress has been made in the last 20 years: usability has degraded significantly, while security has not improved. The reasons, we suggest, are widespread confusion about why we are trying to replace them, what is required of a replacement, and what improvement is expected once they are replaced."
Source: El Reg (channelregister.co.uk)