Ant Allan, IT security expert, spoke at a IT summit this week regarding the functionality of using passwords as a protection measure in today's IT environment. He stressed the uselessness of passwords as time goes on, that this software-based approach to preventing unauthorized access is hindering real security. As they become more complex and must be changed more often, people like them less, forget them more, and are inclined to writing them down. With increasing usage of hardware-based encryption and alternative authentication methods such as Softkeys (A small device you plug into a computer) and biometrics, criminals and other unsavory types have switched their focus to newer technologies - well in advance of the majority of companies in business today. Two factor authentication, proposed as a solution for businesses to begin implementing today, is apparently also not feasible. From the article:
"People are selling two-factor authentication as the solution to our current identity-theft problems, but it was designed to solve the issues from 10 years ago."
The big problem identified with passwords is, that like all software solutions, they can be brute forced, eventually. Passwords, tokens, digital signatures, et cetera - can eventually be brute forced or circumvented. Things you carry with you such as smart cards aren't susceptible to this. Although perhaps moving towards more hardware authentication is better for security, I have to ask: Isn't that why passwords were invented in the first place? Physical "keys" have been around for thousands of years. Are we going right back to them?