Publication Citation: The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards)

Author(s): Jeremy A. Grant
Title: The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards)
Published: November 01, 2011
Abstract: Dear Password, It's time for you to retire. You've served us well, but the reality is that you're woefully outdated and fundamentally insecure. Moreover, our reliance on you is making it difficult to move some very interesting and valuable types of transactions online. It's time to replace you with a new set of trusted authentication technologies. It's not that you were never helpful: when we first went online some 20 years ago, you were downright essential. But our old clunky desktops with green screens have been replaced by ultra-light, high-powered laptops and mobile devices. Dial-up has been superseded with broadband, both wired and wireless. Yet while almost every aspect of our online experiences has been upgraded, we're still authenticating to these systems, and managing our online identities, via the same username and password technology that we used when we were dialing into Bulletin Board Systems over 1200-baud modems. Actually, in some ways, we've regressed. As attacks against password-based systems have increased, organizations have required that you, password, become more and more complicated, to the point that you're nearly unusable. The complexities password requirements impose on most individuals to craft 20 to 30 passwords with letters, numbers, symbols, and such have prompted most individuals to give up, and then use the same one or two passwords everywhere they go. Moreover, our continued dependence on you as our primary means of authentication has left us woefully vulnerable and insecure. Key-logging malware, phishing attacks, man-in-the-middle attacks, and brute force attacks, among others, have proven you to be an easily defeated technology. Our continued reliance on you has created a soft underbelly on the Internet that makes not just government but also ordinary citizens and businesses vulnerable to an increasing array of attacks. So long, farewell, Auf wiedersehen, adieu.
We need better authentication technologies to replace you.
Citation: IEEE Internet Computing
Volume: 15
Issue: 6
Pages: pp. 80 - 84
Keywords: trusted identities, cyberspace, privacy, standards, security, passwords, authentication technologies
Research Areas: Information Technology, Cybersecurity
PDF version: PDF Document (604KB)