Identity Theft Prevention and Education Institute™: Passwords Don't work!

Identity Theft Prevention and Education Institute™

The ID Theft Prevention Institute is a professional center for the development of policies at the federal, state, local, & corporate levels that will better protect globally against identity threats. The Institute develops innovative tools for educating employers and employees on safe handling of sensitive information. Research partially funded by NSF and Iowa State University Information Assurance Center. Co-Directors Dr. Steffen Schmidt and Michael McCoy

Tuesday, August 12, 2008

Passwords Don't work!

Oh no! Once again we find that our "best practice" for security on the Net are worthless! When will all this end.

Here is the gist of the problem:

"Password-based log-ons are susceptible to being compromised in any number of ways. Consider a single threat, that posed by phishers who trick us into clicking to a site designed to mimic a legitimate one in order to harvest our log-on information. Once we’ve been suckered at one site and our password purloined, it can be tried at other sites."

"The solution urged by the experts is to abandon passwords — and to move to a fundamentally different model, one in which humans play little or no part in logging on. Instead, machines have a cryptographically encoded conversation to establish both parties’ authenticity, using digital keys that we, as users, have no need to see."

Passwords are OUT! NY Times article. NOW go ahead and read the full article.

Labels: center for information protection, data breach, Dr. Politics, isu center for information protection, Michael McCoy, Steffen Schmidt

Identity Theft Prevention and Education Institute™

Tuesday, August 12, 2008

Passwords Don't work!

0 Comments:

Contributors

Links

Previous Posts