What is wrong with passwords?

Passwords exhibit the following problems:

  • Lost: Security professionals tell us that passwords should be difficult to remember and should never be written down. An unfortunate consequence of these guidelines is that users forget passwords. A lost password brings up two issues: the user can't access the resources until he receives a new password, and the process of obtaining a new password creates a significant security vulnerability.

  • Stolen: When a thief obtains a user password, he can access the user's resources. Getting a password is not that hard: they are written down, they can be guessed through "dictionary attacks", and they can be requested directly from the user or from overly helpful help desk personnel.

  • Reused: Many consumers and even some employees ignore the prohibition on reusing passwords. For their convenience they reuse a single password for multiple applications. When a dishonest administrator discovers the password used in one application, he can use it with the other applications. It is a simple way to steal passwords and is a very common security exploit.

  • Shared: Both consumers and employees commonly share passwords. Consumers share subscriptions to paid services by sharing passwords. Employees share passwords as a convenience or favor. Sharing passwords increases the likelihood that the password will be stolen. Sharing also reduces revenue for paid services. Shared passwords also make auditing virtually impossible.

Although passwords have these well-known deficiencies, people continue to put up with passwords. Until recently, there was no real alternative; that is, until the Sevan WSA™ web Identity Authentication™ appliance.

"The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember"

-- Bruce Schneier, Secrets and Lies
