ICIT Fellow Perspective - The Growing Obsolescence of Passwords
Updated: Feb 12
In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solutions to the technology, policy, and human challenges facing the cybersecurity community. Our hope is that their words will motivate, educate, and inspire you to take on the challenges facing your organizations.
ICIT Fellow Perspective Essay Authored by Jim Routh
"Back at MIT in 1960, Fernando J. Corbató developed passwords while establishing the compatible time-sharing system (CTSS), enabling file permissions to registered users. Sixty years later, user IDs and passwords have served enterprise security remarkably well. In fact, user IDs and password combinations are the predominant credentials used for online authentication on the vast majority of websites, mobile applications, and software-as-a-service (SaaS) applications. Many cyber professionals advocate for increasing the strength of passwords via more character complexity and length, as this will improve the effectiveness of passwords as an authentication mechanism. However, this presupposes that the consumer is the only one who knows their user IDs and password. We are currently facing a reality where passwords are growing in obsolescence, regardless of the length and complexity, due to users choosing the same password for multiple websites and mobile applications since they have so many digital assets requiring credentials."
In this ICIT Fellow Perspective Essay, Cybersecurity Advisor, Board Member, and Former CSO Jim Routh explores:
How Credential Conventions No Longer Inhibit Cyber-crime
Why Multi-Factor Authentication Often Causes Friction or Fails
What Steps Enterprises Can Take To Implement Behavior-Based Authentication