=="The password is dead"==
"The password is dead" is a recurring idea in [[computer security]]. The reasons given often cite the [[usability]] as well as the security problems of passwords. The claim often accompanies arguments that the replacement of passwords by a more secure means of authentication is both necessary and imminent. This claim has been made by a number of people at least since 2004.<ref name="CNET"/><ref>{{cite news |last1=Kotadia |first1=Munir |title=Gates predicts death of the password |url=https://www.zdnet.com/article/gates-predicts-death-of-the-password/ |work=ZDNet |access-date=8 May 2019 |date=25 February 2004}}</ref><ref>{{cite web |url=http://www-03.ibm.com/press/us/en/pressrelease/36290.wss |title=IBM Reveals Five Innovations That Will Change Our Lives within Five Years |publisher=IBM |date=19 December 2011 |access-date=14 March 2015 |url-status=dead |archive-url=https://web.archive.org/web/20150317041625/http://www-03.ibm.com/press/us/en/pressrelease/36290.wss |archive-date=17 March 2015 }}</ref><ref>{{cite magazine |url=https://www.wired.com/2012/11/ff-mat-honan-password-hacker/ |title=Kill the Password: Why a String of Characters Can't Protect Us Anymore |magazine=Wired |date=15 May 2012 |access-date=14 March 2015 |first=Mat |last=Honan |url-status=live |archive-url=https://web.archive.org/web/20150316003756/http://www.wired.com/2012/11/ff-mat-honan-password-hacker/ |archive-date=16 March 2015 }}</ref><ref>{{cite web |url=https://www.cnet.com/news/google-security-exec-passwords-are-dead/ |title=Google security exec: 'Passwords are dead' |website=CNET |date=25 February 2004 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402115129/http://www.cnet.com/news/google-security-exec-passwords-are-dead/ |archive-date=2 April 2015 }}</ref><ref>{{cite web |url=http://www.computer.org/csdl/mags/sp/2013/01/msp2013010015-abs.html |title=Authentication at Scale |publisher=IEEE |date=25 January 2013
|access-date=12 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402141104/http://www.computer.org/csdl/mags/sp/2013/01/msp2013010015-abs.html |archive-date=2 April 2015 }}</ref><ref>{{cite news |url=https://www.wsj.com/articles/the-password-is-finally-dying-heres-mine-1405298376 |title=The Password Is Finally Dying. Here's Mine |newspaper=The Wall Street Journal |date=14 July 2014 |access-date=14 March 2015 |first=Christopher |last=Mims |url-status=live |archive-url=https://web.archive.org/web/20150313141548/http://www.wsj.com/articles/the-password-is-finally-dying-heres-mine-1405298376 |archive-date=13 March 2015 }}</ref><ref>{{cite magazine |url=http://www.computerworld.com/article/2490980/security0/russian-credential-theft-shows-why-the-password-is-dead.html |title=Russian credential theft shows why the password is dead |magazine=Computer World |date=14 August 2014 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150402132011/http://www.computerworld.com/article/2490980/security0/russian-credential-theft-shows-why-the-password-is-dead.html |archive-date=2 April 2015 }}</ref> Alternatives to passwords include [[biometrics]], [[two-factor authentication]] or [[single sign-on]], [[Microsoft]]'s [[Cardspace]], the [[Higgins project]], the [[Liberty Alliance]], [[NSTIC]], the [[FIDO Alliance]] and various Identity 2.0 proposals.<ref>{{cite web |url=http://fedscoop.com/nstic-head-jeremy-grant-wants-kill-passwords |title=NSTIC head Jeremy Grant wants to kill passwords |work=FedScoop |date=14 September 2014 |access-date=14 March 2015 |url-status=live |archive-url=https://web.archive.org/web/20150318060936/http://fedscoop.com/nstic-head-jeremy-grant-wants-kill-passwords |archive-date=18 March 2015 }}</ref><ref>{{cite web |url=https://fidoalliance.org/specifications |title=Specifications Overview |publisher=FIDO Alliance |date=25 February 2014 |access-date=15 March 2015 |url-status=live 
|archive-url=https://web.archive.org/web/20150315054954/https://fidoalliance.org/specifications |archive-date=15 March 2015 }}</ref> However, in spite of these predictions and efforts to replace them, passwords are still the dominant form of authentication on the web. In "The Persistence of Passwords", Cormac Herley and Paul van Oorschot suggest that every effort should be made to end the "spectacularly incorrect assumption" that passwords are dead.<ref>{{cite web |url=http://research.microsoft.com/apps/pubs/?id=154077 |title=A Research Agenda Acknowledging the Persistence of Passwords |publisher=IEEE Security&Privacy |date=Jan 2012 |access-date=20 June 2015 |url-status=live |archive-url=https://web.archive.org/web/20150620182839/http://research.microsoft.com/apps/pubs/?id=154077 |archive-date=20 June 2015 }}</ref> They argue that "no other single technology matches their combination of cost, immediacy and convenience" and that "passwords are themselves the best fit for many of the scenarios in which they are currently used." Following this, Bonneau et al. systematically compared web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security.<ref name="Bonneau et al. 2012 tech report">{{cite journal |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C. van |last4=Stajano |first4=Frank |title=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |journal=Technical Report - University of Cambridge. Computer Laboratory |url=https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html |publisher=University of Cambridge Computer Laboratory |access-date=22 March 2019 |location=Cambridge, UK |date=2012 |doi=10.48456/tr-817 |issn=1476-2986}}</ref><ref name="Bonneau et al. 2012 peer-reviewed paper">{{cite conference |last1=Bonneau |first1=Joseph |last2=Herley |first2=Cormac |last3=Oorschot |first3=Paul C.
van |last4=Stajano |first4=Frank |title=2012 IEEE Symposium on Security and Privacy |chapter=The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes |conference=2012 IEEE Symposium on Security and Privacy|location=San Francisco, CA |date=2012 |pages=553–567 |doi=10.1109/SP.2012.44|isbn=978-1-4673-1244-8 }}</ref> Their analysis shows that most schemes do better than passwords on security, some schemes do better and some worse with respect to usability, while ''every'' scheme does worse than passwords on deployability. The authors conclude with the following observation: "Marginal gains are often not sufficient to reach the activation energy necessary to overcome significant transition costs, which may provide the best explanation of why we are likely to live considerably longer before seeing the funeral procession for passwords arrive at the cemetery."