Thursday, March 11, 2010

Passwords: Pro and Con

As a follow-up to the Password Alternatives talk at B-Sides San Francisco by some smart people (watch video), it's clear that password-based authentication has both use cases and failure cases.  IMHO, the first step in the larger conversation is to define the advantages and disadvantages of this time-tested method.

Pro:
  1. Portable:  Passwords, being stored in a person's memory, can be taken anywhere.
  2. Durable:  Passwords, being non-physical, can't be "lost".
  3. Convenient:  Quick to set up, requires no special client software.
  4. Ephemeral:  If I change my password, the old one is gone (at least on that one system; a password reused elsewhere lives on).
  5. "Secure":  Password strength grows with length and with alphabet size: under a random-choice model the search space is roughly length × log2(alphabet size) bits, so a long password over a large alphabet can be effectively unguessable.
Con:
  1. Static:  The password is the same every time, so anyone who observes it once (shoulder-surfing, phishing, a compromised endpoint, a leaked database) can replay it until it is changed.
  2. Anonymous:  A password is not a unique identifier tied to a person.  If I know someone else's password, I can authenticate myself as them.
  3. Forgettable:  I forgot 4got foreg0t feurgot 4Gott where did I write that darn thing down...
  4. Potentially insecure:  Memorable correlates with guessable, especially if it's based on PII, or uses "standard" sub5t1tu7i0ns 4 l3tters.
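The two strength claims above (Pro 5: strength grows with length and alphabet size; Con 4: memorable, "leet-substituted" passwords are guessable) pull in opposite directions, and a naive entropy formula only sees the first one. The following is an added example, not code from the original post or from the B-Sides talk: it computes the naive length × log2(alphabet) estimate, then undoes common letter substitutions and checks the result against a word list, reporting a much smaller effective search space when the password is really a mangled dictionary word. The word list, the substitution table and the assumed number of mangling variants (1000) are all constructed assumptions for illustration; a real checker would use a large breached-password corpus and the rule set of a tool like John the Ripper or hashcat.

```python
import math
import re

# Constructed toy word list (an assumption for this example; real checkers use
# wordlists with millions of entries harvested from breaches).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey", "dragon"}

# Assumed number of mangling variants an attacker tries per base word
# (capitalisation, trailing digits, leet substitutions, ...). Illustrative only.
MANGLING_VARIANTS = 1000

# Common "leet" substitutions, mapped back to the letter they stand in for.
# "!" is deliberately left out so a trailing "!" is treated as decoration.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s",
})


def alphabet_size(pw: str) -> int:
    """Size of the smallest standard character class set that covers pw."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # printable ASCII punctuation and space
    return size


def naive_entropy_bits(pw: str) -> float:
    """Pro 5 as a formula: bits = length * log2(alphabet size), assuming every
    character was chosen uniformly at random (which human-chosen ones are not)."""
    n = alphabet_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def normalize(pw: str) -> str:
    """Undo leet substitutions, lower-case, and strip leading/trailing
    digits and punctuation, recovering the base word a human started from."""
    base = pw.translate(LEET_MAP).lower()
    base = re.sub(r"[^a-z]+$", "", base)
    base = re.sub(r"^[^a-z]+", "", base)
    return base


def is_dictionary_based(pw: str) -> bool:
    """Con 4 check: does the password collapse to a known common word?"""
    return normalize(pw) in COMMON_WORDS


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole search space at a given guessing rate."""
    return (2.0 ** bits) / guesses_per_second


def assess(pw: str) -> dict:
    """Return both the naive estimate and the dictionary-aware effective estimate.

    For a dictionary-based password the attacker's search space is roughly
    (number of words) * (mangling variants), regardless of apparent alphabet size.
    """
    naive = naive_entropy_bits(pw)
    dictionary_based = is_dictionary_based(pw)
    if dictionary_based:
        effective = math.log2(len(COMMON_WORDS) * MANGLING_VARIANTS)
    else:
        effective = naive
    return {
        "password": pw,
        "naive_bits": naive,
        "dictionary_based": dictionary_based,
        "effective_bits": effective,
    }


if __name__ == "__main__":
    # Constructed sample inputs: a "complex-looking" mangled word and a long
    # passphrase with no substitutions.
    for candidate in ("P@ssw0rd!", "correct horse battery staple"):
        r = assess(candidate)
        print(f"{r['password']!r}: naive={r['naive_bits']:.1f} bits, "
              f"dictionary_based={r['dictionary_based']}, "
              f"effective={r['effective_bits']:.1f} bits, "
              f"exhaust at 1e9 guesses/s in "
              f"{seconds_to_exhaust(r['effective_bits'], 1e9):.3g} s")
```

The point of the two numbers is that "P@ssw0rd!" scores around 59 bits by the naive formula yet, once the substitutions are undone, sits in a search space of a few thousand candidates (about 13 bits with the assumed rule count), whereas the plain-word passphrase keeps its naive estimate because it is not a mangled dictionary entry. Real-world rule sets are far larger than 1000 variants, which makes the gap bigger, not smaller.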
So... when are passwords appropriate?

      1 comment:

      1. In this industry we're very good at finding the flaws in any strategy. At this moment, however, I've noticed we have more flaws than solutions. Reading that post today about the XSS attack against password managers (http://ha.ckers.org/weird/xss-password-manager.html) has me thinking that passwords might not be the best solution, but at least we understand the risk! As I see it now, passwords are at once never and always appropriate, in a world where eventually every solution we use will be broken.
        So, unless you've got any ideas about how to stop smart people from breaking things and publishing it on the internet...
