Passwords Not Going Away Any Time Soon
New submitter isoloisti writes "Hot on the heels of IBM's 'no more passwords' prediction, Wired has an article about provocative research saying that passwords are here to stay. Researchers from Microsoft and Carleton U. take a harsh view of research on authentication (PDF), saying, 'no progress has been made in the last twenty years.' They dismiss biometrics, PKI, OpenID, and single sign-on: 'Not only have proposed alternatives failed, but we have learnt little from the failures.' Because the computer industry so thoroughly wrote off passwords about a decade ago, not enough serious research has gone into improving passwords and understanding how they get compromised in the real world. 'It is time to admit that passwords will be with us for some time, and moreover, that in many instances they are the best-fit among currently known solutions.'"
Yeah; I've got to say, the situation with passwords could be improved just by allowing more space for them. xkcd/diceware-style phrases just plain don't fit in most password fields, but they'd be easier to remember and more secure.
Why does web site x have an 8 character length limit, alphanumeric only?
Why does web site y have more allowable character types, but minimum of 5 chars, max of 18?
Relevant XKCD: http://xkcd.com/936/
Remember, you can't solve for the parts of a pw, only the whole thing in one go.
It doesn't mean much now, it's built for the future.
Good luck typing any password as long as "correct horse battery staple" correctly on the first try on a handheld device's on-screen keyboard.