Don't Kill the Password. Change the Password

Authors

Woodrow Hartzog, Boston University School of LawFollow
Daniel J. Solove

Document Type

Response or Comment

Publication Date

9-29-2015

ISSN

1078-3148

Publisher

Condé Nast

Language

en-US

Abstract

TO ACCESS TO most accounts online and on computer systems, users authenticate their identity by logging in with a password. People are asked to do the Herculean task of coming up with unique long and complex passwords for each account, committing them all to memory, and then changing them frequently. The task is nearly impossible, and when most people fail, they’re the ones who are blamed. But people are not to blame. The problem is with passwords. Passwords are a terrible way to protect the security of data, and they are at the center of far too many data breaches.

It’s time for a change. Passwords alone can’t hack it. There is widespread consensus among data security experts that using only passwords is poor security, and there are readily available alternatives. Yet the lone password has been used for authentication for so long and so widely that it is difficult to change the status quo, even if many wished to. It’s time for the Federal Trade Commission (FTC) to step in and give the lowly password some backup in high risk contexts by requiring a second factor for authentication.

Recommended Citation

Woodrow Hartzog & Daniel J. Solove, Don't Kill the Password. Change the Password , in Wired (2015).
Available at: https://scholarship.law.bu.edu/shorter_works/205

Publisher URL

https://www.wired.com/2015/09/dont-kill-password-change-password/