Bill Gates: The wizard of murk

Kicking off the RSA security conference in San Jose last week, Microsoft's chairman Bill Gates told the masses of security folk that the next version of Windows will mark the beginning of the end for passwords.

Apparently, a tool called InfoCards will provide us with the foundation we require to slowly phase out the password.

"I don't pretend that we are going to move away from passwords overnight, but over three or four years, for corporate systems, this change can and should happen," said Gates.

Now this is the third year in a row that Bill has opened the RSA conference and the second time he has predicted the demise of the password.

Two years ago I was in San Francisco for Bill's first opening keynote and at the time he told us that "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

I feel it my duty to point out that in May last year at the AusCERT conference on Australia's Gold Coast, Jesper Johansson, senior program manager for security policy at Microsoft, said the security industry had been giving out the wrong advice to users by telling them not to write down their passwords: "How many have a password policy that says under penalty of death you shall not write down your password? I claim that is absolutely wrong. I claim that password policy should say you should write down your password."

Let's not worry about this for now and get back to Johansson's boss.

Two years ago, Gates didn't seem to have a solution to the password problem but he did flog the relative merits of SecurID for Windows, which was a partnership between Microsoft and RSA that would allow easy integration of RSA's almost ubiquitous tokens with Microsoft's ubiquitous operating system.

However, he may have thrown a spanner into the works by admitting -- during the same keynote a few minutes later -- that Microsoft itself had decided not to deploy RSA's tokens in its Redmond campus and had instead opted for a smartcard-based solution.

Oh, and I do believe that at the same time he also said the spam problem would be eradicated within two years. That deadline has passed and, as he admitted on stage last week, there is still 'work to be done'.

So what do we make of Bill's latest 'prediction'?

I was talking about this to a friend of mine who also happens to be a very respected security guru and he said something that sums up the situation nicely.

"There's no place like home. There's no place like home. Bill is just like Dorothy, he thinks that if he says it enough times it will come true."

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.


Talkback

5 comments
  • Out of touch

    Bill Gates is so out of touch it's not funny...it's the young guys that are doing great things in Microsoft at the moment.

    Rob
    anonymous
  • boring!

    InfoCards is something that has been available on the Mac for ages and we still have to remember passwords.
    anonymous
  • More on Bill Gates Comments

    Actually Bill is not predicting the end of all passwords, but the end of weak password-based authentication i.e. using your date of birth or your dog's name as a password, writing it down on a post-it note and slapping it on your workstation, or sharing it around so your friends can use it too. That's just asking for trouble.

    One-time passwords, such as those generated randomly by RSA tokens, are still a strong and viable component of two-factor authentication. Since RSA is now working with Microsoft to develop SecurID technology for Windows, rolling out that two-factor authentication across enterprises will soon become much easier.

    The fact that Microsoft has gone for smart card security internally, rather than two-factor authentication, is not a condemnation of the two-factor approach. It's actually an illustration of what RSA calls Adaptive Authentication -- an approach to security that involves matching degree of risk with strength of authentication, and factoring in end-user preferences at the same time.

    There is no one-size-fits-all security solution any more -- better to have a range of tools and the flexibility to deploy them whenever and wherever the threats present, and in the form factor required. No use waiting for the threats to emerge; then it's too late!

    And something else to consider. With smart cards and biometrics, you still need to keep the master data somewhere safe -- for comparison purposes during authentication, and in case of card loss or theft. So how are we going to protect the master data and manage issues like privacy and compliance? There will still be a need for really robust authentication at the core.
    anonymous
  • Bill Gates ID card

    What a load of rubbish. Anyone who thinks that will cure anything is just dumb. The only smart thing about Bill is that he knows he can put out dodgy software and millions of lamers will promptly tell him what's wrong with it for free.
    Saves him millions of dollars. Even the best key generators are able to be defeated already, long before they've been properly deployed. All you have to do is ask an actual expert who doesn't work at selling them to unsuspecting fools.
    As for buying biometric devices - oh yeah I can just see mum and dad lining up to get one.
    Get a grip and think about what is really needed.
    If anyone wants absolute security for transactions and logons, email me. I don't work for free though I will guarantee what I do and indemnify any user against losses if they use our technology. Banks - I challenge you to call my bluff - I'll protect all your transactions with full indemnity and only charge you half your present losses.
    I'll even guarantee no losses if the card and pin/password are stolen and the owner is unaware. I don't expect I'll get too many of you lining up to put yourselves out of work.....
    anonymous
  • Myspace

    KAYO MARBILUS MYSPACE BLOGS myspace.com/kayomarbilus William Henry "Bill" Gates III (born October 28, 1955) is an American business magnate, philanthropist, author, and chairman of Microsoft, the software company he founded with Paul Allen. He is ranked consistently one of the world's wealthiest people and the wealthiest overall as of 2009. During his career at Microsoft, Gates held the positions of CEO and chief software architect, and remains the largest individual shareholder with more than 8 percent of the common stock. He has also authored or co-authored several books.
    Gates is one of the best-known entrepreneurs of the personal computer revolution. Although he is admired by many, a number of industry insiders criticize his business tactics, which they consider anti-competitive, an opinion which has in some cases been upheld by the courts. In the later stages of his career, Gates has pursued a number of philanthropic endeavors, donating large amounts of money to various charitable organizations and scientific research programs through the Bill & Melinda Gates Foundation, established in 2000.
    Bill Gates stepped down as chief executive officer of Microsoft in January, 2000. He remained as chairman and created the position of chief software architect. In June, 2006, Gates announced that he would be transitioning from full-time work at Microsoft to part-time work and full-time work at the Bill & Melinda Gates Foundation. He gradually transferred his duties to Ray Ozzie, chief software architect and Craig Mundie, chief research and strategy officer. Gates' last full-time day at Microsoft was June 27, 2008. He remains at Microsoft as non-executive chairman.
    anonymous