When I asked Scott Kveton, chairman of the OpenID Foundation's community board, about criticism of OpenID, he said candidly, "Passwords, we know, are totally broken." He said new security options, such as software that works with OpenID that installs within the browser, are being offered. When it comes to security, he said, "there is no silver bullet, and there never will be."
Kim Cameron, Microsoft's chief architect of identity, is an enthusiastic advocate of information cards, which are not only vastly more secure than a password-based security system, but are also customizable, permitting users to limit what information is released to particular sites. "I don't like Single Sign-On," Mr. Cameron said. "I don't believe in Single Sign-On."
Microsoft and Google are among the six founding companies of the Information Card Foundation, formed to promote adoption of the card technology. The presence of PayPal, which is owned by eBay, in the group is the most significant: PayPal, with its direct access to our checking accounts, will naturally be inclined to be conservative. If it becomes convinced that these cards are more secure than passwords, we should listen.
BUT perhaps information cards in certain situations are convenient to a fault, permitting anyone who happens by a PC that is momentarily unattended in an office setting to click quickly through a sign-on at a Web site holding sensitive information. This need not pose a problem, however.
"Users on shared systems can easily set up a simple PIN code to protect any card from use by other users," Mr. Cameron said.
The PIN doesn't return us to the Web password mess: it never leaves our machine and can't be seen by phishers.
Unlearning the habit of typing a password into a box on a Web page will take a long while, but it's needed for our own protection. Logging on to a site should entail a cryptographic conversation between machines, saving us from inadvertently giving away the keys.
No more relying on our old companion "LetMeIn."
Randall Stross is an author based in Silicon Valley and a professor of business at San Jose State University.