GrIDsure comment on Georgia Tech passwords research
August 2010 by Marc Jacob
“The report from the Georgia Tech Research Institute correctly confirms that passwords are past their sell-by-date. However, I find it bewildering that the Institute is recommending passwords should become longer and more complicated. This goes against every other trend that I have come across in my business and personal life towards making things more convenient and less complicated. Who is seriously going to remember the recommended 12 character strong password consisting of letters, numbers and symbols? It’s a recipe for frustration and you can guarantee that users will either forget these passwords or, more likely, just write them down.
Ultimately, no matter how long and complex you make a password, it can still easily be hacked or stolen by means such as shoulder-surfing or malware (key-logging, screen scraping and so on). I therefore believe that static passwords have no place in today’s connected world and consumers should be offered more effective alternatives that offer better security without making their lives more complex or inconvenient.
Any method for logging on to a computer, a web site or an online service (e.g. online banking) should be based on a one-time passcode (OTP) system. These systems are extremely user-friendly, they are cost-effective for companies to implement, they offer much greater levels of security than passwords and do not force users to remember long and cumbersome set of characters.” Stephen Howes, CEO of GrIDsure