• United States



Senior Staff Writer

Petition calls for an end to passwords

Jul 16, 20132 mins
Access ControlAuthenticationData and Information Security

A public advocacy campaign called Petition Against Passwords claims passwords are a thing of the past, and that new methods of authentication are necessary to secure the future

Passwords are a thing of the past and they need to go, according to a group of Silicon Valley-based tech companies who will launch a public advocacy campaign called Petition Against Passwords next week.

Passwords are the keys that enable access. At the same time, they’re also the weak link that smashes the security chain, according to many experts, who for years have warned that passwords simply don’t work as they used to, and that password protection alone isn’t enough.

The problem with passwords is two-fold, according to the advocacy group, which aims to influence large digital service providers to move towards “passwordless” authentication and identity protection. On one hand, users either create easily remembered passwords that are entirely too weak or they are forced to pick passwords that are hard to remember, but quickly cracked by machines. The other side to that is a lack of password policy enforcement, and the gaps in basic data protection that can lead to breaches that expose millions of passwords. When breaches expose passwords, they often make their way online and wind up in wordlists that are used by password cracking software.

[Related:Despite hopeful initiatives, demise of passwords years away]

Last April, LivingSocial, a website dedicated to offering consumers daily deals on local products and services, was compromised and some 50 million users were urged to change their passwords. The concern was that many of the users that were exposed faced additional risk due to password recycling. The incident also highlighted the importance of properly protecting user data, especially passwords.

Over the last few years, there has been a push to replace passwords, or at least augment them with additional layers of security. For example, Two-Factor Authentication is one such augmentation. It works, and it has seen wide adoption by businesses and consumers alike. However, there are others that wanting to move far beyond Two-Factor and similar advancements.

In May, Motorola’s Regina Dugan made headlines when she suggested tattoos and pills as alternate means of authentication. A month before that, researchers at the University of California, Berkeley, released research on using brainwaves as a means of authentication.

To date identity companies LaunchKey, OneID, Clef and consumer advocacy group TechFreedom have signed on to support the petition. The Petition Against Passwords initiative will go live on July 24, 2013.