Monday, January 16, 2012

Why Passwords are Great

The first article below is a really good discussion about passwords and why they might be with us for a while. Still, it acknowledges that the password as a security technology is clunky in some of the applications in which it serves.

The second article sheds light on why the password is still ubiquitous and hasn't even been displaced in applications where its displacement is clearly desirable. No biometric scanning device exists that has web-enabled communication and control based on a publicly available specification. Passwords don't suffer from this complication.

A couple of Experts: We're stuck with passwords (Channel Register)
They argue researchers need to revisit the subject of how to get passwords to work efficiently rather than assuming the approach is about to be written off as hopelessly flawed and unfixable. Passwords are here to stay, even though they are certainly not appropriate in all cases, because "no other single technology matches their combination of cost, immediacy and convenience that many scenarios require". The researchers are, however, careful to note that there are many cases where passwords are not the best fit.

"Passwords have proved themselves a worthy opponent: all who have attempted to replace them have failed," the two boffins conclude. "It is fair to say that little progress has been made in the last 20 years: usability has degraded significantly, while security has not improved. The reasons, we suggest, are widespread confusion about why we are trying to replace them, what is required of a replacement, and what improvement is expected once they are replaced."

NIST wants small form-factor, tamper-resistant and handheld fingerprint sensor (Bank Info Security)
The goal of this initiative, for which NIST will provide funding, is to produce a fully functional, handheld device that's capable of biometric acquisition, and controlled through web services as specified in NIST Special Publication 500-288: Specification for WS-Biometric Devices.

NIST recognizes the ubiquity of the Internet and its impact on commerce - the agency, after all, is part of the U.S. Commerce Department - and the need for tools that can assure safe online transactions.

Those of strong constitution might consider clicking here for the NIST Solicitation (PDF), though I cannot recommend it.

ADVICE TO THE FOOLHARDY: You went ahead and clicked it anyway, didn't you?

Now, you're nine pages in and wondering, "What the heck is The Trust Territory of the Pacific Islands?"

You're now only 15 pages from the part about Research Projects Involving Vertebrate Animals.

From there, it's only a short 5-page dash to the good stuff which starts on page 39 of 62 in Section 9.0: RESEARCH TOPIC AREAS.

Welcome to flavor country.