The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards)

Author(s)

Jeremy A. Grant

Abstract

Dear Password, It’s time for you to retire. You’ve served us well, but the reality is that you’re woefully outdated and fundamentally insecure. Moreover, our reliance on you is making it difficult to move some very interesting and valuable types of transactions online. It’s time to replace you with a new set of trusted authentication technologies. It’s not that you were never helpful: when we first went online some 20 years ago, you were downright essential. But our old clunky desktops with green screens have been replaced by ultra-light, high-powered laptops and mobile devices. Dial-up has been superseded with broadband, both wired and wireless. Yet while almost every aspect of our online experiences has been upgraded, we’re still authenticating to these systems — and managing our online identities — via the same username and password technology that we used when we were dialing into Bulletin Board Systems over 1200-baud modems. Actually, in some ways, we’ve regressed. As attacks against password-based systems have increased, organizations have required that you, password, become more and more complicated — to the point that you’re nearly unusable. The complexities password requirements impose on most individuals to craft 20 to 30 passwords with letters, numbers, symbols, and such have prompted most individuals to give up — and then use the same one or two passwords everywhere they go. Moreover, our continued dependence on you as our primary means of authentication has left us woefully vulnerable and insecure. Key-logging malware, phishing attacks, man-in-the-middle attacks, and brute force attacks, among others, have proven you to be an easily defeated technology. Our continued reliance on you has created a soft underbelly on the Internet that makes not just government but also ordinary citizens and businesses vulnerable to an increasing array of attacks. So long, farewell, Auf wiedersehen, adieu. We need better authentication technologies to replace you.
Citation

IEEE Internet Computing, Volume 15, Issue 6

Keywords

trusted identities, cyberspace, privacy, standards, security, passwords, authentication technologies

Citation

Grant, J. (2011), The National Strategy for Trusted Identities in Cyberspace (Enhancing Online Choice, Efficiency, Security, and Privacy through Standards), IEEE Internet Computing, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=909550 (Accessed December 10, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 1, 2011, Updated February 19, 2017