The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards)
Published
Author(s)
Jeremy A. Grant
Abstract
Dear Password, It's time for you to retire. You've served us well, but the reality is that you're woefully outdated and fundamentally insecure. Moreover, our reliance on you is making it difficult to move some very interesting and valuable types of transactions online. It's time to replace you with a new set of trusted authentication technologies. It's not that you were never helpful: when we first went online some 20 years ago, you were downright essential. But our old clunky desktops with green screens have been replaced by ultra-light, high-powered laptops and mobile devices. Dial-up has been superseded with broadband, both wired and wireless. Yet while almost every aspect of our online experiences has been upgraded, we're still authenticating to these systems and managing our online identities via the same username and password technology that we used when we were dialing into Bulletin Board Systems over 1200-baud modems. Actually, in some ways, we've regressed. As attacks against password-based systems have increased, organizations have required that you, password, become more and more complicated to the point that you're nearly unusable. The complexities password requirements impose on most individuals to craft 20 to 30 passwords with letters, numbers, symbols, and such have prompted most individuals to give up and then use the same one or two passwords everywhere they go. Moreover, our continued dependence on you as our primary means of authentication has left us woefully vulnerable and insecure. Key-logging malware, phishing attacks, man-in-the-middle attacks, and brute force attacks, among others, have proven you to be an easily defeated technology. Our continued reliance on you has created a soft underbelly on the Internet that makes not just government but also ordinary citizens and businesses vulnerable to an increasing array of attacks. So long, farewell, Auf wiedersehen, adieu. We need better authentication technologies to replace you.
Grant, J. (2011), The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards), IEEE Internet Computing, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=909550 (Accessed December 10, 2024)