Communications of the ACM

ACM TechNews

Microsoft Researcher: Passwords Aren't Dead But They Need Fixing

Cormac Herley of Microsoft Research

Advice on creating stronger passwords is easily given, but does not address the harms that users actually face, says Microsoft Research's Cormac Herley.

Credit: CRISSP, NYU-Poly

Password use needs an overhaul that is driven by understanding the damage that can be done when password security is compromised, says Microsoft researcher Cormac Herley. He notes that although there are several methods for beating passwords, including keystroke logging, brute-force attacks, phishing, and session hijacking, it is not known exactly how often each type of attack is used, and that data needs to be analyzed before password systems can be fixed.

In addition, Herley says researchers need to quantify the harm that password compromise causes and differentiate between the worst case and the average case. Security experts also need to offer better user support for passwords so password use is more secure.

Passwords could be more effective if researchers identify when passwords are ineffective and create a method for evaluating alternative systems, Herley says. "No single alternative technology is likely to possess the combination of security, usability, and economic features that meets all goals in all situations," he says.

From Network World


Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA

