
The future of authentication

Passwords simply will not die. No matter how often industry experts tell us that passwords are the single biggest problem with authentication systems, we seem to be addicted to them.

Perhaps it’s because every computer system and application we encounter expects us to use a username and password. No-one wants to spend the money to switch to two-factor authentication – the cost of the tokens and the administrative overhead is deemed too great.

Biometrics seemed like a good idea, but then Tsutomu Matsumoto proved that fingerprint readers are utterly fallible using his “Gummi Fingers” experiment (see Bruce Schneier’s article), and anyway there’s the cost issue again.

Some imaginative solutions like Passfaces appear from time to time. Unfortunately, the inertia of the corporate “standard build”, the perceived cost of implementation, the anticipated admin costs and most of all the absence of any real understanding of the issues lead to a continuation of the password legacy.

I had hoped that the corporate enthusiasm for identity management would facilitate a sea change in authentication mechanisms, but no. In fact it appears to simply multiply the risk without enhancing the logon process at all.

So the future - maybe smart cards with simple and cheap smart card readers in every desktop and laptop? Perhaps USB tokens with a PIN number? Or perhaps the continuation of the password, enhanced (if anyone will listen) into a passphrase and assisted by password safe software …

This blog post is an excerpt of an opinion piece called “Identity Theft in The Corporate World” written by Peter Wood from First Base Technologies.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.