One password too many


Weekly roundup: As a kid, I made a sport out of remembering as many phone numbers as I could. I actually got pretty good at it--so much so that my parents would use me as their phone directory when they needed to call a relative.

All that changed when I got my first mobile phone. But without caller ID (this was back in the late 90s), I still had to learn to recognize my friends' numbers so I would know who was calling. However, as the number of contacts stored in my mobile grew from 2 to over 200--and caller ID became a common feature--I eventually decided not to overwork my memory cells.

These days, I'm lucky if I remember where I parked my car.

So, I was stunned when a study this week revealed that 36 percent of business users said they manage more than 15 passwords at one time in order to access various work-related applications, while 18 percent juggle between six and 15 passwords.

That's a whole lot of alphanumeric chunks to remember. Small wonder that some resort to stuffing pieces of paper with their passwords scribbled on them under the keyboard or behind the monitor.

In the early 2000s, several security vendors pushed single sign-on (SSO) as a solution to this problem. It gives a user access, via a single ID and password, to all the applications that user has been granted. But SSO is not infallible.

But having to remember more than 15 passwords at one time is definitely not the way forward. And with the advent of new security tools such as biometrics and smartcards, I'm surprised that business users today are still made to manage such a high number of passwords.

What will it take for passwords to be a thing of the past?

In other news this week, find out why some people are talking like pirates and why the family of SingTel's Chua Sock Koong will probably be out celebrating this weekend. Also, bookworms may soon be flocking to Singapore's subway stations while one CTO will likely stay away from Windows Vista.

Topic: Security

About

Eileen Yu began covering the IT industry when Asynchronous Transfer Mode was still hip and e-commerce was the new buzzword. Currently a freelance blogger and content specialist based in Singapore, she has over 16 years of industry experience with various publications including ZDNet, IDG, and Singapore Press Holdings.


Talkback

3 comments
  • The way I see it, either biometric authentication coupled with user ID and password or a PKI-based solution would work.

    OTP is passé because it is bulky as compared with normal crypto tokens and not as useful as a PKI-based solution (PKI can still be used with encryption, authentication, non-repudiation, digital signatures, etc.).

    The issue now is that biometric devices by themselves are too proprietary and lack a standard to make them ubiquitous, and they still have false-positive problems.

    The current market trend of putting biometric authentication linked to digital certificates so that it is the certificate that authenticates a person coupled with SSO is actually very ideal.
    anonymous
  • Some people can handle all those passwords, others can't. Check out this post for a study done of the top 10 common passwords in the U.K. The top 10 made up 1.8% of all passwords!

    http://www.techknowbizzle.com/2006/09/top-10-common-uk-passwords.html
    anonymous
  • I often forgot my password as well.
    anonymous