While speaking at a conference sponsored by Australia’s national Computer Emergency Response Team (AusCERT), Jesper Johansson, Microsoft’s senior program manager for security policy, suggested IT departments change decades of common policy, and encourage users to write down their passwords. According to Johansson, users required to remember passwords on dozens of separate accounts will often use the same password for all–thus “reducing overall security”.
As someone with at least 15 different accounts, I understand Johansson’s suggestion, but feel it’s just a temporary solution. Encrypted password files and RSA tokens (which I’ve used in the past) offer higher security than simple passwords, but are also vulnerable to forgetful users.
Personally I’m ready for biometric authentication–thumb prints, iris scans, hand geometry, what ever. Electronic manufacturers should settle on a highly-secure standard and implement that technology across the board–computers, automobiles, ATMs, doors, and so forth. I don’t mind pairing my thumb print with a single password or pin. Having worked with end users for many years, I doubt most will have trouble remembering ONE alphanumeric key. Problems arise when we ask the average person to remember 20 different keys.