Hi there, I am currently looking into the future of passwords and how
information will be secured in the future.  This involves problems
with the current password system, future developments and possible
alternatives.   I am looking for some expert help to point me in the
right direction.

So the question to you is to critically assess the following
prediction - "Eventually, the use of passwords will die out
completely" (Hawker 2000)

Hello Dontam ~

With the awareness on security, and Internet security in particular,
this was an interesting subject to review:

"Eventually, the use of passwords will die out completely" (Hawker
2000).

Clearly, there are problems with the use of passwords as security for
information. From snafus which caused access problems for millions
(see: "Password Snafu Blocks Internet Access for Millions" Tom Spring,
PC World.com, June 11, 2001), where Mindspring encountered day-long
authentication problems when Mindspring was acquired by Earthlink:
[ http://www.pcworld.com/news/article/0,aid,52384,00.asp ]

to scams to gain passwords for criminal purposes, such as the recent
PayPal email scam (see: "PayPal Users Targeted by E-Mail Scam--Again",
Linda Rosencrance, Computerworld, October 28, 2002), where a PayPal
look-alike site was set up to fool the unsuspecting into entering
their passwords, and then their accounts were emptied:
[ http://www.pcworld.com/news/article/0,aid,106412,00.asp ]

to  numerous security holes in popular software, (see: "Microsoft
Patches Ten Critical Security Flaws", Joris Evers and Sam Costello,
IDG News Service, April 11, 2002) where flaws in the software allow
hackers to gather password information.
[ http://www.pcworld.com/news/article/0,aid,93803,00.asp ]

It is obvious the use of passwords cannot remain the criteria for
security. "It has been well known in the security industry that
passwords are the weakest form of protection," said Randy Vanderhoof,
executive director of the Smart Card Alliance, an industry advocacy
group for smart card technology. "Once a password is issued, there's
no way to determine whether that password has been passed around to
other individuals." ("Identity Theft Highlights Serious Security
Flaws," Paul Roberts, IDG News Service, November 27, 2002)
[ http://www.pcworld.com/news/article/0,aid,107426,00.asp ]

A Look To The Future -

Security features for the future already in place or seriously being
looked into are smart cards, USB tokens and biometrics, but smart
cards and USB tokens can be stolen. "Smart cards, USB [Universal
Serial Bus] tokens, and biometrics will be some of the hot areas
because companies, organizations, and others are beginning to realize
they need to have a better handle on who's coming and going," Kolodgy
says. "Passwords just don't give you enough confidence in these
things." (Brian Fonseca, InfoWorld.com, January 02, 2002, quoting
Charles Kolodgy, Internet Security analyst at Framingham,
Massachusetts-based IDC.)
[ http://www.pcworld.com/news/article/0,aid,77703,00.asp ]

The most secure looks to be the use of biometric technology -- in the
form face recognition, iris and retinal scanning, or voice recognition
-- as effective methods of security.

Visa is looking into developing a voice recognition system for its
credit cards e-commerce. (see: "Visa Gets Behind Voice Recognition,"
Paul Roberts, IDG News Service, October 21, 2002),
[ http://www.pcworld.com/news/article/0,aid,106142,00.asp ]

Fujitsu is working on a computer mouse that incorporates biometrics to
scan the palm to ascertain the user's identification (see: "Mouse
Scans Palms to Verify ID", Martyn Williams, IDG News Service,
September 27, 2002)
[ http://www.pcworld.com/news/article/0,aid,105450,00.asp ]

and Sony is working on a fingertip memory card scanner (see: "Sony
Unveils Memory Stick Fingerprint Scanner," Martyn Williams, IDG News
Service, January 22, 2003)
[ http://www.pcworld.com/news/article/0,aid,108892,00.asp ]

For a while, biometrics was considered a slow starter. In post 9/11
concerns, it has become clearer that better security measures than
password protection is needed, and governments and business are
looking to biometrics to provide that security.

Search terms used:
security: password problems
password security problems
future passwords
future security
security measures +future

Thanks for the opportunity to research this - it was an eye opener!

Yours,
Serenata

---

Request for Answer Clarification by dontam-ga on 28 Feb 2003 05:18 PST

Hi Serenata,

Many thanks for your answer it was brilliant!  When you were
researching this you didnt happen to find out who this Hawker guy was
did you?

Thanks

Tamas

---

Clarification of Answer by serenata-ga on 28 Feb 2003 05:50 PST

Thanks for the compliment and the rating!

What? You don't know who s/he is, either???

Believe it or not, I found several references to "Hawker" ... but I
could not find your quote and couldn't tell which of those Hawkers
might be yours! I didn't let it stand in my way, though.

We could both feel pretty foolish if it turns out to be someone who we
*should* know. If *you* find out, let me know? I'll do the same!

Serenata

---

Clarification of Answer by serenata-ga on 28 Feb 2003 19:03 PST

Hi Dontam ~

The truth of the matter is that I couldn't figure out who Hawker was.
References I did find to "Hawker" (and there were a bunch!) did not
have that quote.

But I found so much good information, I just backed up the statement
(not hard when you believe it to be true, you know).

I'll keep my eyes open and tell you if I come across it, if you'll do
the same!

Serenata

Couldnt ask for more in this price range!

Passwords will absolutely not die out. To understand why, you have to
understand that security is not a binary proposition. Something is
never secure or not secure, it is always secure to a degree. Further,
there is normally a tradeoff between degree of security and usability.
There will always be situations where simple passwords provide enough
security.