Passwords are facing redundancy, says Gates

Passwords are facing redundancy, says Gates

Summary: Microsoft IT Forum: Users will soon have to supply biometric data and carry smart cards to prove their identity, according to the Microsoft chairman

TOPICS: Security
Passwords will soon be a thing of the past, to be replaced by biometric and smart card technology, Bill Gates claimed on Tuesday.

Speaking at the Microsoft IT Forum in Copenhagen, the Microsoft chairman said that users will soon rely on alternative means of securing their identities.

"A major problem for identity systems is the weakness of passwords," said Gates.

"Unfortunately with the type of critical information on these systems, we aren't going to be able to rely on passwords. Moving to biometric and smart cards is a wave that is coming and we see our leading customers doing this."

Gates added that Microsoft plans to issue its employees with smart cards for accessing the company building and their computers. The system will be based on the company's .Net technology.

"In time we will completely replace passwords," Gates said. "Having the .Net capability, we are very excited to see smart cards moving into this framework."

There is growing acceptance in the IT industry that users need to supply greater proof of identity before being allowed onto corporate systems.

Last week, Howard Schmidt, the chief security officer for eBay and former White House adviser for cyberspace, called for greater use of two-factor authentication -- where users must supply two forms of identification.

"We're doing better security now, but we still depend on usernames and passwords as a way of getting online. We now have the technology for the end-user to have two-factor authentication. We expect to see security grow and be federated," said Schmidt, adding that people had to accept the need to supply more credentials.

Schmidt gave the example of how AOL was issuing two-factor Secure-ID tokens to many of its users. He said that bank cards were also a good example of authentication: "They are something you have -- the card -- and something you know -- the PIN."

The Microsoft IT Forum continues until Friday.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Isn't a PIN number a password, though? Albeit a more limited form of one. (Consider that there are only 10,000 possible 4-digit PIN numbers, compared to almost 15 million possible 4-character case-sensitive purely alphanumeric passwords.) So passwords aren't so much being replaced as being augmented with some extra technology.

    As for that extra technology being biometric in nature, would that mean that I'd need to (say) have my DNA rewritten if someone stole my biometric details? And such a theft could happen: does anyone remember that list of AOL email addresses that some AOL employee sold to Spammers, for example? The nice thing about passwords is that at least you can change them easily.
  • If Biometric identity can be made for precise identity of an individual the same system is made universal for access to internet, personal accounts for money transaction, Hopefully we can have every individual identifiable any time and any where. If money transaction outside the scope of biometric identification, the world will become more peaceful and safe .

    This will force every human activity to become beneficial rather than destructive as we find the world today.

    A way to attain UTOPIA