Petition calls for an end to passwords

Passwords are a thing of the past -- and they need to go, according to a group of Silicon Valley-based tech companies who are part of a public advocacy campaign called Petition Against Passwords.

Passwords are the keys that enable access. At the same time, they're also the weak link that smashes the security chain, according to many experts, who for years have warned that passwords simply don't work as they used to, and that password protection alone isn't enough.

The problem with passwords is two-fold, according to the advocacy group, which aims to influence large digital service providers to move towards "password-less" authentication and identity protection. On one hand, users either create easily remembered passwords that are entirely too weak or they are forced to pick passwords that are hard to remember, but quickly cracked by machines. The other side to that is a lack of password policy enforcement, and the gaps in basic data protection that can lead to breaches that expose millions of passwords. When breaches expose passwords, they often make their way online and wind up in wordlists that are used by password cracking software.

[Related:Despite hopeful initiatives, demise of passwords years away]

Last April, LivingSocial, a website dedicated to offering consumers daily deals on local products and services, was compromised and some 50 million users were urged to change their passwords. The concern was that many of the users that were exposed faced additional risk due to password recycling. The incident also highlighted the importance of properly protecting user data, especially passwords.

"Because passwords must be stored on a central server, sites are tasked with protecting them from a persistent onslaught of attacks. Even the best protected servers eventually fall. The results can cost the company millions of dollars and drastically impact consumer trust," wrote Brennen Byrne, the CEO of Clef, an Identity Management and Protection firm that leverages smartphones as a means of authentication, which is part of the campaign. Other companies, including OneID, LaunchKey and Nok Nok Labs have also joined in support of the movement.

Byrne's words come from a manifesto of sorts, calling for Internet users to demand something different when it comes to authentication. Over the last few years, there has been a push to replace passwords, or at least augment them with additional layers of security. For example, Two-Factor Authentication is one such augmentation. It works, and it has seen wide adoption by businesses and consumers alike. However, there are others that wanting to move far beyond Two-Factor and similar advancements.

In May, Motorola's Regina Dugan made headlines when she suggested tattoos and pills as alternate means of authentication. A month before that, researchers at the University of California, Berkeley, released research on using brainwaves as a means of authentication.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Motorola

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

More videos

Blog Posts