Passwords Are Killing Us

The password won’t die, but it’s killing us.

That was the message this morning from Jeremy Grant, senior executive adviser, National Strategy for Trusted Identities in Cyberspace (NSTIC), at the Global Identity Summit in Tampa. Estimates put the blame for 76 percent of network intrusions on weak passwords. Beyond security, they also affect commerce, as the majority of customers will leave websites rather than create accounts. Passwords are not beloved and are not doing us any favors, Grant explained.

Strong credentials that people trust will unlock new government and private sector activities. A trust gap is developing in regard to how personal information in the digital world is shared, stored, bought and sold. As that grows, fewer people will feel confident conducting business online, and organizations can offer less to their user bases. What NSTIC wants to see is users already having secure, non-password credentials when they arrive at websites. Barriers to such technology go beyond security to include usability, liability, privacy, business models and interoperability. Ultimately, the strategy is designed to catalyze the marketplace so Americans can choose better identity-authentication solutions.

Progress already has been made as two-factor authentication is proliferating online. The Identity Ecosystem Steering Group, established by NSTIC and founded in 2012, now has more than 200 organization members, more than 60 individual members and multiple members from advocacy groups, university and international contingents.

Pilot programs initiated by NSTIC have resulted in technologies that protect financial services and health care. Other efforts include protecting veterans by allowing them to apply for services without using identifiers such as their DD Form 214 and enabling parents to protect their children’s online identities. More than 140 universities deploy a smartphone-based multifactor authentication technology developed through another pilot.