Security from A to Z: Passwords

The debate oscillates between telling people to be creative to telling them to write passwords down. Part of a series on hot security topics.

Natasha Lomas Mobile Phones Editor, CNET UK

Natasha Lomas is the Mobile Phones Editor for CNET UK, where she writes reviews, news and features. Previously she was Senior Reporter at Silicon.com, covering mobile technology in the business sphere. She's been covering tech online since 2005.

See full bio

Natasha Lomas

Nov. 28, 2006 12:19 p.m. PT

Passwords cause problems.

For the IT department, password management is a headache, with many hours devoted to carrying out password resets for forgetful users. There's also the plain old human laziness of using the same password for a range of logins, or even using "password" as a password. Passwords are only as good as their all-too-human owners, and even then a hacker using a keylogger, say, can make off with their secret.

In business, the debate about how to encourage password best practice oscillates between teaching users to be "creative" in making passwords that are adequately complex, to telling users to write down passwords somewhere secure. People are also told to use password management software, so they don't resort to choosing easy words or using the same password for several logins.

But it's a losing battle, some experts say.

In May, Gartner analyst Jay Heiser said passwords are "fatally flawed" and can't stand up to "motivated attackers". The drive to develop new ways of authenticating users, such as two-factor authentication or human biometrics, is in part fuelled by awareness of the weakness of systems built on crackable password security.

Some have predicted that passwords will be replaced with biometrics or other technology in the long term. Just how far away that day is remains to be seen.

Natasha Lomas reported for Silicon.com in London.