Petition calls for an end to passwords

Passwords are a thing of the past -- and they need to go, according to a group of Silicon Valley-based tech companies who are part of a public advocacy campaign called Petition Against Passwords.

Passwords are the keys that enable access. At the same time, they're also the weak link that smashes the security chain, according to many experts, who for years have warned that passwords simply don't work as they used to, and that password protection alone isn't enough.

The problem with passwords is two-fold, according to the advocacy group, which aims to influence large digital service providers to move towards "password-less" authentication and identity protection. On one hand, users either create easily remembered passwords that are entirely too weak or they are forced to pick passwords that are hard to remember, but quickly cracked by machines. The other side to that is a lack of password policy enforcement, and the gaps in basic data protection that can lead to breaches that expose millions of passwords. When breaches expose passwords, they often make their way online and wind up in wordlists that are used by password cracking software.

Last April, LivingSocial, a website dedicated to offering consumers daily deals on local products and services, was compromised and some 50 million users were urged to change their passwords. The concern was that many of the users that were exposed faced additional risk due to password recycling. The incident also highlighted the importance of properly protecting user data, especially passwords.

"Because passwords must be stored on a central server, sites are tasked with protecting them from a persistent onslaught of attacks. Even the best protected servers eventually fall. The results can cost the company millions of dollars and drastically impact consumer trust," wrote Brennen Byrne, the CEO of Clef, an Identity Management and Protection firm that leverages smartphones as a means of authentication, which is part of the campaign. Other companies, including OneID, LaunchKey and Nok Nok Labs have also joined in support of the movement.

Byrne's words come from a manifesto of sorts, calling for Internet users to demand something different when it comes to authentication. Over the last few years, there has been a push to replace passwords, or at least augment them with additional layers of security. For example, Two-Factor Authentication is one such augmentation. It works, and it has seen wide adoption by businesses and consumers alike. However, there are others who want to move far beyond Two-Factor and similar advancements.

In May, Motorola's Regina Dugan made headlines when she suggested tattoos and pills as alternate means of authentication. A month before that, researchers at the University of California, Berkeley, released research on using brainwaves as a means of authentication.
