While speaking at a conference sponsored by Australia's national Computer Emergency Response Team (AusCERT), Jesper Johansson, Microsoft's senior program manager for security policy, suggested IT departments change decades of common policy, and encourage users to write down their passwords. According to Johansson, users required to remember passwords on dozens of separate accounts will often use the same password for all—thus "reducing overall security".
As someone with at least 15 different accounts, I understand Johansson's suggestion, but feel it's just a temporary solution. Encrypted password files and RSA tokens (which I've used in the past) offer higher security than simple passwords, but are also vulnerable to forgetful users.
Personally I'm ready for biometric authentication—thumb prints, iris scans, hand geometry, whatever. Electronics manufacturers should settle on a highly secure standard and implement that technology across the board—computers, automobiles, ATMs, doors, and so forth. I don't mind pairing my thumb print with a single password or PIN. Having worked with end users for many years, I doubt most will have trouble remembering ONE alphanumeric key. Problems arise when we ask the average person to remember 20 different keys.
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.